Massive Data Breach at Coupang Under Police Investigation
South Korean police are probing a significant personal data breach at e-commerce giant Coupang, securing records from the company’s HashiCorp Vault, a key management system used to encrypt sensitive data and issue access credentials. The investigation centers on a Chinese national suspect, a former staff software engineer at Coupang with nearly 20 years of experience, who previously worked at a Nasdaq-listed company and held a middle management role.
The suspect, described as "a developer above developers," allegedly exploited access to HashiCorp Vault—a system designed to securely store passwords, API keys, and authentication credentials—between April 11 and November 8, 2024. Police have seized logs detailing account usage, exports, and management histories to assess whether Coupang’s security protocols were properly enforced, including whether the suspect retained access after leaving the company in late 2024.
A joint public-private investigation team is evaluating whether Coupang’s security measures were adequate, with experts warning that lax internal policies could complicate the case. If logs were deleted or retention periods expired, the probe may face challenges. Analysts note that insufficient security practices could further harm Coupang’s standing, as companies often implement systems without strict enforcement.
Police have conducted five consecutive days of search and seizure operations at Coupang’s headquarters, examining the suspect’s personnel records, performance evaluations, and devices (PCs, laptops, USB drives). They are also reviewing internal IT staffing data from November 2022 to January 2024, including names, roles, and nationalities, to determine the breach’s scope and motive.
Meanwhile, Coupang Chair Kim Bom and other executives will not attend a parliamentary hearing on the incident, citing "unavoidable business schedules." The move has drawn criticism from lawmakers, including Choi Min-hee, chair of the National Assembly’s Science and ICT Committee, who called the excuses "irresponsible and unacceptable." Former CEOs Park Dae-jun and Kang Han-seung also submitted written statements declining attendance. The hearing is scheduled for Wednesday.
Coupang cybersecurity rating report: https://www.rankiteo.com/company/coupang
"id": "COU1765764252",
"linkid": "coupang",
"type": "Breach",
"date": "11/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Retail, Technology',
'location': 'South Korea',
'name': 'Coupang',
'size': 'Large (global operations in over 170 '
'countries)',
'type': 'E-commerce'}],
'attack_vector': 'Insider Threat',
'data_breach': {'data_encryption': 'Encrypted via HashiCorp Vault, but access '
'logs were compromised',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (personally identifiable '
'information)',
'type_of_data_compromised': 'Personal data'},
'description': 'Police are investigating a significant personal data breach '
'at Coupang, where a Chinese national suspect, a former staff '
'software engineer, allegedly carried out the leak. '
'Investigators have secured records from Coupang’s key '
"management system, HashiCorp Vault, to assess the breach's "
'scope and the company’s security measures.',
'impact': {'brand_reputation_impact': 'Potential negative impact due to '
'security lapse',
'data_compromised': 'Personal data',
'identity_theft_risk': 'High (personal data compromised)',
'legal_liabilities': 'Potential regulatory fines and legal actions',
'systems_affected': 'HashiCorp Vault (key management system), '
'authentication systems'},
'initial_access_broker': {'high_value_targets': 'HashiCorp Vault, '
'authentication systems'},
'investigation_status': 'Ongoing (search and seizure operations ongoing for '
'fifth straight day)',
'post_incident_analysis': {'root_causes': 'Potential improper access '
'revocation, lax security policies, '
'insufficient log retention'},
'references': [{'source': 'The JoongAng Ilbo'},
{'source': 'Seoul Metropolitan Police Agency'},
{'source': '78 Research Lab'}],
'regulatory_compliance': {'legal_actions': 'Potential (pending '
'investigation)'},
'response': {'containment_measures': 'Seizure of HashiCorp Vault logs, '
'suspect’s devices, and internal records',
'law_enforcement_notified': 'Yes (Seoul Metropolitan Police '
'Agency)'},
'threat_actor': 'Chinese national suspect (former Coupang staff software '
'engineer)',
'title': 'Massive Personal Data Breach at Coupang',
'type': 'Data Breach',
'vulnerability_exploited': 'Improper access revocation, potential lax '
'security policies'}