When the news broke that over 33 million Coupang customers’ personal information was leaked, including names, addresses, phone numbers and their recent purchase histories — Kim Joo-young, 40, an office worker in Seoul, checked her phone immediately to change her passwords.
“It felt like someone could somehow just take everything from me, including my deposits in bank and brokerage accounts without me knowing,” she said. “I thought voice phishing was something I only hear on the news, but the Coupang incident taught me this is no joke and that it could happen to anyone. And that anyone could very well be me.”
On Saturday, a day after the leak was reported, she received a text claiming her “recent parcel could not be delivered.”
Normally, she would have ignored it. But when the whole country is talking about leaked addresses and purchases, that message suddenly felt like a threat she couldn’t brush off.
“I was extremely careful not to click on the link attached by mistake. In the past, I wouldn’t have thought twice about it, but at that moment, I was gripped by fear that I could be the next victim who would regret being careless later. I will pay extra caution when I go over messages from now on," Kim said.
Similarly, Park Min-soo, 40, an office worker, said he received a phone call from someone claiming to be a Coupang courier serviceperson, telling him there was a “problem with a recent purchase.”
He has not ordered anything recently, but he knew his wife did. The calle
Coupang cybersecurity rating report: https://www.rankiteo.com/company/coupang
"id": "COU1764662280",
"linkid": "coupang",
"type": "Breach",
"date": "7/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '33,000,000+',
'industry': 'Retail/Online Shopping',
'location': 'South Korea',
'name': 'Coupang',
'size': 'Large (over 33 million customers '
'affected)',
'type': 'E-commerce Platform'}],
'customer_advisories': 'Customers advised to change passwords '
'and exercise caution with unsolicited '
'messages (e.g., fake delivery '
'notifications).',
'data_breach': {'data_encryption': None,
'data_exfiltration': 'Yes',
'file_types_exposed': None,
'number_of_records_exposed': '33,000,000+',
'personally_identifiable_information': ['Full '
'Names',
'Physical '
'Addresses',
'Phone '
'Numbers',
'Purchase '
'Records'],
'sensitivity_of_data': 'High (enables targeted '
'phishing, identity '
'theft, and financial '
'fraud)',
'type_of_data_compromised': ['Personally '
'Identifiable '
'Information (PII)',
'Transaction/Purchase '
'History']},
'description': "A massive data breach at Coupang, South Korea's "
'largest e-commerce platform, exposed the '
'personal information of over 33 million '
'customers, including names, addresses, phone '
'numbers, and recent purchase histories. The '
'incident triggered widespread fear of voice '
'phishing and identity theft among affected '
'users, who reported receiving suspicious texts '
'and calls exploiting the leaked data.',
'impact': {'brand_reputation_impact': 'Significant (widespread '
'public fear and distrust)',
'conversion_rate_impact': None,
'customer_complaints': 'Increased (reports of '
'suspicious texts/calls '
'exploiting leaked data)',
'data_compromised': ['Names',
'Addresses',
'Phone Numbers',
'Purchase Histories'],
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High (customers reported '
'targeted phishing attempts)',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': 'Indirect (fear of linked '
'financial accounts being '
'targeted via phishing)',
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': ['Customer PII',
'Purchase '
'Histories'],
'reconnaissance_period': None},
'lessons_learned': 'Heightened public awareness of phishing '
'risks post-breach; customers reported '
'increased vigilance in verifying unsolicited '
'communications (e.g., texts/calls '
'referencing leaked purchase data).',
'motivation': ['Financial Gain', 'Fraud (e.g., voice phishing)'],
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': None,
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'title': "Coupang Data Breach Exposes 33 Million Customers' "
'Personal Information',
'type': 'Data Breach'}