South Korean police said on Monday they were tracing IP addresses and looking into possible tech vulnerabilities at Coupang after the e-commerce giant suffered the country's worst data breach in over a decade. South Korean President Lee Jae Myung on Tuesday called for increased penalties for corporate negligence in data breaches, saying a massive leak at e-commerce giant Coupang had served as a wake-up call.
The personal data of more than 33 million customers was leaked in a breach believed to have started on June 24 through overseas servers, though the company did not learn of the problem until November 18.
Ordering a review of fines and punitive damages in such cases, Lee told a cabinet meeting it was "astonishing" that Coupang did not detect the breach for five months, adding those responsible must be quickly identified and held accountable.
"The wrong practice and the idea of not giving necessary care for personal data protection, which is a key asset in the age of artificial intelligence and digitalisation, must be completely changed," he said.
South Korea's Science Minister Bae Kyung-hoon said on Sunday the perpetrator had "abused authentication vulnerabilities" in Coupang's servers, and that authorities would be investigating whether the company violated rules regarding the protection of personal information.
Coupang, which is backed by Japan's SoftBank Group, has said the breach exposed customers' names, email addresses, phone numbers, shipping addresses and certain order histories, but not payment details or login credentials.
Broadcaster JTBC has reported that after conducting an internal investigation, Coupang suspects that a Chinese former employee, who was responsible for authentication tasks, was a key figure in the data breach.
A former employee used their authentication key that was still active after the termination of the person's contract to get access to customer information, lawmaker Choi Min-hee said in a statement on Monday.
Police and Coupang declined to comment on possible suspects.
As of Monday afternoon, internet postings showed that more than 10,000 people planned to join a possible class action lawsuit against Coupang. Lawyer Ha Hee-bong said the potential class action could seek compensation of more than 100,000 won ($68) per person.
Coupang, founded by Korean-American Harvard graduate Bom Kim in 2010, is the country's most popular e-commerce platform. It has overtaken family-owned conglomerates like Shinsegae in South Korean e-commerce and is also expanding into food delivery, streaming and fintech.
Kang Hoon-sik, South Korean presidential chief of staff, on Monday said four major data leak incidents since 2021 showed "structural loopholes" in personal information protection in South Korea.
In August, the country's largest mobile carrier SK Telecom was fined about 134 billion won ($96.53 million) after a cyberattack this year caused the leak of data for nearly 27 million users.
Kang also said the latest incident involving Coupang should be an opportunity to improve the punitive damage system, which he said was not enforced in a way that would prevent massive data compromise.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked