Following a former employee's theft of the company’s data, the “Amazon of Korea” is issuing $1.17 billion in vouchers to compensate its customers.
The biggest threat to a data empire isn’t always hackers in hoodies – it’s increasingly a person with a still-working employee badge.The South Korean retail behemoth Coupang is issuing 1.685 trillion won (approximately $1.17 billion worth of purchase vouchers) to compensate clients after an employee stole data affecting 33.7 million customers.
Coupang has a massive customer base in South Korea, reporting 24.7 million active customers. Often called the “Amazon of Korea,” the e-commerce giant dominates the country’s retail, logistics, and warehousing sectors.
In September 2025, the company had approximately $33.66 billion in revenue.
An inside job
According to Coupang’s report, the perpetrator accessed data from roughly 33 million customer accounts but allegedly retained information from only about 3,000 users.
The stolen data reportedly included customers’ order histories and their buildings’ access codes. The investigation showed that no payment details, login credentials, or customs identification numbers were accessed.
Coupang states that it brought in incident-response firms Mandiant, Palo Alto Networks, and Ernst & Young to conduct a forensic investigation. The company also claims it obtained sworn statements from the accused.
According to local media, a Chinese national is responsible for the data theft. He is said to have been employed by Coupang at the time and reportedly resigned from the company, yet retained an active authentication key even after his contract ended.
Using that access, he allegedly extracted the data and then left South Korea shortly after the breach was reported. Investigators found a PC that the perpetrator used and surrendered. On one of its hard drives, investigators found the script used to access the data.
Suspect threw his MacBook Air into the river
Another device used in the heist was a MacBook Air. After news of the breach hit the media, the accused allegedly tried to erase the trail. According to testimony, he smashed the MacBook Air, stuffed it into a Coupang canvas bag along with bricks, and threw it into a river.
Using maps and descriptions provided by the attacker, divers recovered the MacBook Air laptop from the riverbed. The discovered device had a serial number that matched the serial number in the perpetrator’s iCloud account.
The perpetrator testified that the data had not left his devices and was later deleted. The investigation found “no evidence” that contradicts these statements.
“All Coupang executives and employees deeply regret the significant concern and distress the recent personal data leak has caused our customers. We have prepared a compensation plan as part of taking responsible action for our customers,” stated Harold Rogers, Coupang interim CEO.
Beginning January 15th, the company will start issuing vouchers equivalent to 50,000 won per customer. The vouchers will be used across the Coupang ecosystem, including its core marketplace, Coupang Eats, Coupang Travel, and R.LUX.
Comparison to SK Telecom
Coupang is the second major South Korean company to be shaken by data theft this year. In August, the country's largest mobile carrier, SK Telecom, was fined approximately 134 billion won ($96.53 million) after a cyberattack this year resulted in the leak of data for nearly 27 million users.
In April, the company announced that it would be issuing free SIM replacements to 23 million customers after being targeted by the Qilin ransomware group, which stole 1TB of data
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked