Coupang Suffers Second Major Data Breach in South Korea, Exposing 165,000 More Customers
South Korea’s largest e-commerce retailer, Coupang, has disclosed a second significant data breach, exposing the personal information of an additional 165,000 customers. The incident, confirmed on 5 February 2026 following a government investigation, expands the fallout from a November 2025 cyberattack that initially compromised 33 million records over half of South Korea’s population.
The latest breach involved names, phone numbers, and residential addresses of affected users. While financial data, login credentials, email accounts, and order histories were not accessed, the exposure of contact details raises concerns over potential identity theft and targeted fraud.
This incident follows a 2025 breach that leaked 460,000 records, underscoring a pattern of security failures at the company. South Korea’s Fair Trade Commission (FTC) is conducting a swift investigation, with the possibility of strict sanctions, including business suspension, if violations of the Personal Information Protection Act are found. Legal experts, including Kyung Hee University law professor Song Se-ryeon, warn that punitive action against Coupang could set a precedent for major platform firms.
Coupang’s CEO is currently under criminal investigation, with probes expected to continue through 2026. The company faces fines, litigation, and mandatory security reforms, while regulators push for stronger cybersecurity measures across Asia. The breach has intensified scrutiny on corporate data protection, with trust in Coupang eroding amid fears of market share losses to competitors.
Source: https://www.techi.com/coupang-data-breach-2026-165000-customers-affected/
Coupang cybersecurity rating report: https://www.rankiteo.com/company/coupang
"id": "COU1770296279",
"linkid": "coupang",
"type": "Breach",
"date": "11/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '165,000',
'industry': 'Retail',
'location': 'South Korea',
'name': 'Coupang',
'size': 'Large',
'type': 'E-commerce retailer'}],
'data_breach': {'number_of_records_exposed': '165,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'Moderate',
'type_of_data_compromised': ['Names',
'Phone numbers',
'Residential addresses']},
'date_detected': '2026-02-05',
'date_publicly_disclosed': '2026-02-05',
'description': 'South Korea’s largest e-commerce retailer, Coupang, has '
'disclosed a second significant data breach, exposing the '
'personal information of an additional 165,000 customers. The '
'incident involved names, phone numbers, and residential '
'addresses of affected users. Financial data, login '
'credentials, email accounts, and order histories were not '
'accessed, but the exposure raises concerns over potential '
'identity theft and targeted fraud.',
'impact': {'brand_reputation_impact': 'Eroding trust, potential market share '
'losses to competitors',
'data_compromised': 'Personal information (names, phone numbers, '
'residential addresses)',
'identity_theft_risk': 'High',
'legal_liabilities': 'Fines, litigation, mandatory security '
'reforms',
'payment_information_risk': 'None'},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'root_causes': 'Pattern of security failures'},
'recommendations': 'Stronger cybersecurity measures, mandatory security '
'reforms',
'references': [{'source': 'Government investigation, Fair Trade Commission '
'(FTC)'}],
'regulatory_compliance': {'legal_actions': 'Criminal investigation of CEO, '
'potential business suspension',
'regulations_violated': ['Personal Information '
'Protection Act'],
'regulatory_notifications': 'Fair Trade Commission '
'(FTC) investigation'},
'title': 'Coupang Suffers Second Major Data Breach in South Korea, Exposing '
'165,000 More Customers',
'type': 'Data Breach'}