Police raided the headquarters of e-commerce giant Coupang on Tuesday to seize evidence related to a massive data breach affecting 33.7 million customers. The Seoul Metropolitan Police Agency's cyber investigation team conducted the search in southern Seoul. Officials aim to determine the leak's cause, route, and perpetrator using the secured digital evidence.
On Tuesday, the cyber investigation team of the Seoul Metropolitan Police Agency raided Coupang Inc.'s headquarters in southern Seoul to seize evidence linked to the company's massive data breach. Coupang disclosed late last month that personal information of 33.7 million customers—nearly its entire user base—had been compromised, including names, phone numbers, email addresses, and delivery details.
A police official stated, "Based on the secured digital evidence, (we) plan to comprehensively determine the overall facts of the case, such as the leaker of the personal information as well as the route and cause of the leak." Prior investigations relied on data voluntarily provided by Coupang, but this raid allows for more direct evidence collection. Authorities have already secured the Internet Protocol address used in the breach and are tracking the suspect.
The incident has sparked broader repercussions. A U.S. subsidiary of South Korean law firm Daeryun, SJKP Law Firm LLP, announced plans to file a class-action lawsuit against Coupang's Seattle-based U.S. headquarters in a New York federal court as early as this month. Around 200 victims have joined, focusing on corporate governance failures and disclosure violations, separate from a Korean consumer compensation suit.
The Fair Trade Commission (FTC) launched a probe into Coupang's allegedly complex account deletion process, which requires multiple steps like entering passwords twice and completing surveys, potentially violating the Act on Consumer Protection in Electronic Commerce. The FTC ordered Coupang to submit simplification measures preemptively, while also scrutinizing terms that exempt the company from liability for third-party server breaches.
User backlash is evident in data from market tracker IGAWorks: Coupang's daily active users fell to 16.17 million as of Friday, down over 1.81 million from 17.98 million four days earlier. Competitors like Gmarket saw gains of 250,416 users post-disclosure.
The presidential office urged swift preventive actions to avert secondary harms like scams or credit card misuse. Chief of Staff Kang Hoon-sik demanded Coupang outline responsibility for any damages and review potentially unfair clauses in its terms. Coupang maintains no financial data or login credentials were exposed and no secondary damage has been detected, but the breach—undetected for months—raises serious questions about cybersecurity in South Korea's e-commerce sector.
