Police investigate Coupang data breach suspecting former employee

Coupang disclosed late last month a massive data breach compromising the personal information of 33.7 million customers, equivalent to more than half of South Korea's 52 million population. The leaked data included names, addresses, phone numbers, email addresses, and delivery details. Initially reported on November 18 as affecting 4,500 customers, the breach actually spanned from June to November, exploiting an electronic signature key.

The Seoul Metropolitan Police Agency's cyber investigation team raided Coupang's headquarters in Songpa, eastern Seoul, for about 10 hours on December 9, followed by a second raid on December 10 with a search warrant to seize evidence. Police have secured the IP address used in the breach and are tracking the leaker while examining potential technical vulnerabilities in the customer information management system. The warrant names a former Chinese national employee as a suspect on charges of breaching the information and communications network and leaking confidential data.

Coupang CEO Park Dae-jun confirmed during a National Assembly session on December 3 that the suspect had developed the company's authentication system. The revelation sparked online criticism questioning the hiring of a Chinese developer. Hiring Chinese developers is common in Korean and Japanese firms due to lower labor costs, driven by China's 17% youth unemployment and intense work culture like the banned '996' system, pushing many to seek opportunities abroad.

At a state policy meeting on December 10, Prime Minister Kim Min-seok stated, 'The Coupang issue has gone beyond the level of serious,' pledging a swift investigation into the cause and strict measures against any legal violations. The incident highlights security lapses in major firms and intensifies job competition for local developers amid global hiring trends and AI advancements.