Coupang's massive data breach is expected to have only a limited impact on the number of customers leaving the platform, due to the company's dominant position and differentiated services, analysts said Wednesday.
The breach, which exposed the personal information of 33.7 million users, is the largest in Korean history. It reportedly occurred five months ago due to a former employee, but remained undetected until recently.
Coupang shares dropped 5.36 percent on Monday (local time) following reports of the breach over the weekend. The stock, however, rebounded slightly on Tuesday, rising 0.23 percent to close at $26.71 in New York trading.
Despite the negative headlines, Coupang's domestic rivals saw modest gains or remained largely unaffected.
From Monday to Wednesday, Naver shares climbed 1.44 percent to 246,500 won ($167.85). Naver operates e-commerce platforms, including Naver Store and Naver Pay. Emart and Lotte Shopping also advanced 4 percent and 3.1 percent, respectively, while the benchmark KOSPI index added 2.96 percent.
Coupang controlled 22.7 percent of Korea's e-commerce market by revenue last year, ahead of Naver at 20.7 percent, Gmarket and Auction at 8 percent, and SSG.com at 3 percent.
Analysts say the company's flagship services — such as Rocket Delivery, a free next-day delivery service, and Coupang Play, a streaming platform — provide enough value to limit customers from leaving the platform. Even if some users do depart, rivals may see little benefit
Coupang cybersecurity rating report: https://www.rankiteo.com/company/coupang
"id": "COU1764771660",
"linkid": "coupang",
"type": "Breach",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '33.7 million',
'industry': 'Retail',
'location': 'South Korea',
'name': 'Coupang',
'size': None,
'type': 'E-commerce'}],
'data_breach': {'data_encryption': None,
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': '33.7 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': None,
'type_of_data_compromised': 'Personal '
'information'},
'description': 'Coupang experienced a massive data breach '
'exposing the personal information of 33.7 '
'million users, the largest in Korean history. '
'The breach occurred five months ago due to a '
'former employee but remained undetected until '
'recently.',
'impact': {'brand_reputation_impact': 'Negative headlines, stock '
'drop of 5.36%',
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Personal information of 33.7 '
'million users',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': None,
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'post_incident_analysis': {'corrective_actions': None,
'root_causes': 'Former employee'},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': None,
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': None,
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'threat_actor': 'Former Employee',
'title': 'Coupang Massive Data Breach',
'type': 'Data Breach'}