Regulatory push
Coupang apologises over massive data breach
Coupang, South Korea's largest e-commerce platform often dubbed the “Amazon.com of South Korea,” recently faced a massive data breach. The system of the company were illegally accessed causing a massive data breach and affecting the personal information of 33.7 million customer accounts. The breach was first detected by the company on November 18 but it believes the unauthorised access to customer accounts began on June 24 and was executed through overseas servers. Coupang says that the compromised information is limited to basic personal data and the highly sensitive financial details remain secure. Now, the South Korean Prime Minister Lee Nak-yon has called for stronger penalties against companies that fail to protect consumer data.As reported by Reuters, Lee emphasised that the companies must face tougher consequences when they fail to protect personal information. “We cannot allow negligence in data protection to go unpunished,” he said, urging lawmakers to strengthen penalties and enforcement measures.Along with this, Lee also stressed that protecting the trust of the consumer is of critical importance for South Korea’s digital economy, which heavily relies on e-commerce and online services.He also called for closer cooperation between government agencies and private firms to prevent future breaches.For the uninitiated, South Korea already has some strict data privacy laws under the Personal Informatio
Coupang cybersecurity rating report: https://www.rankiteo.com/company/coupang
"id": "COU1764684623",
"linkid": "coupang",
"type": "Breach",
"date": "11/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '33.7 million',
'industry': 'Retail / E-commerce',
'location': 'South Korea',
'name': 'Coupang',
'size': 'Large (33.7 million customers '
'affected)',
'type': 'E-commerce Platform'}],
'attack_vector': 'Unauthorized access via overseas servers',
'customer_advisories': 'Public apology issued; customers advised '
'to monitor personal information',
'data_breach': {'data_encryption': None,
'data_exfiltration': 'Yes (accessed via overseas '
'servers)',
'file_types_exposed': None,
'number_of_records_exposed': '33.7 million',
'personally_identifiable_information': 'Yes '
'(e.g., '
'names, '
'contact '
'details)',
'sensitivity_of_data': 'Moderate (non-financial '
'personal data)',
'type_of_data_compromised': 'Basic personal '
'information'},
'date_detected': '2023-11-18',
'description': "Coupang, South Korea's largest e-commerce "
'platform, faced a massive data breach affecting '
'the personal information of 33.7 million '
'customer accounts. The breach was first detected '
'on November 18, but unauthorized access began on '
'June 24 via overseas servers. Compromised data '
'was limited to basic personal information, with '
'financial details remaining secure. The South '
'Korean Prime Minister called for stronger '
'penalties and enforcement measures to protect '
'consumer data.',
'impact': {'brand_reputation_impact': 'Potential damage due to '
'loss of consumer trust',
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Basic personal information of '
'33.7 million customer accounts',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High (due to exposure of '
'personal data)',
'legal_liabilities': 'Potential penalties under South '
"Korea's Personal Information "
'Protection Act (PIPA)',
'operational_impact': None,
'payment_information_risk': 'None (financial details '
'reported as secure)',
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': 'Overseas servers',
'high_value_targets': 'Customer '
'personal data',
'reconnaissance_period': 'June 24 to '
'November 18 '
'(approx. 5 '
'months)'},
'investigation_status': 'Ongoing (as of report date)',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'recommendations': ['Strengthen penalties for data protection '
'negligence',
'Enhance cooperation between government '
'agencies and private firms',
'Improve monitoring and detection of '
'unauthorized access, especially from '
'overseas servers'],
'references': [{'date_accessed': None,
'source': 'Reuters',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': 'Potential penalties '
'and enforcement '
'measures urged by '
'South Korean Prime '
'Minister',
'regulations_violated': ['South '
"Korea's "
'Personal '
'Information '
'Protection '
'Act (PIPA)'],
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Public apology issued; '
'cooperation with '
'government agencies '
'emphasized',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'title': 'Coupang Massive Data Breach',
'type': 'Data Breach'}