Over 30 million accounts affected in Coupang data breach, police say

A Coupang delivery truck is seen on a street in Seoul on Jan. 23. [NEWS1]

 
Police have counted over 30 million accounts affected in the massive customer data breach at e-commerce giant Coupang — roughly 10,000 times more than the 3,000 accounts the company claimed when it disclosed the incident last month.
 
“The number of compromised records containing names, emails and other information is over 30 million, based on account count,” said Park Jeong-bo, head of the Seoul Metropolitan Police Agency, during a regular press briefing on Monday. “Coupang said only 3,000 accounts were leaked, but far more data was actually compromised.”
 
 
On Dec. 25 last year, Coupang said in a self-investigation report that a former employee had accessed 33 million accounts, retained data from about 3,000, and later deleted all user information without transmitting it to anyone else.
 
Police explained that the 30 million figure refers to accounts, each of which can include multiple types of personal information, such as names and email addresses.  
 
Park noted that the discrepancy between the police assessment and Coupang’s findings may be due to different standards for defining the breach’s scale.
 
Nonetheless, suspicion is growing that Coupang underreported the breach.  
 
“Further investigation is needed,” Park said when asked about Coupang’s underreporting of the breach.
 

A Coupang delivery truck is seen in parked in front of a Coupang logistics center in Seoul on Jan. 23. [YONHAP]

 
Police are nearly finished analyzing digital devices and other materials seized during a raid of Coupang headquarters.
 
They have also issued a third summons to Harold Rogers, interim CEO of Coupang Korea, as part of an investigation into potential destruction of evidence related to the company’s internal investigation.
 
Summonses were previously sent to Rogers on Jan. 1 and 7. There has been no response from Rogers or his representatives so far, according to police.
 
Even if Rogers fails to comply with the third summons, failure to appear “does not automatically lead to a request for an arrest warrant,” Park said.
 
“We would need to examine the reasons for noncompliance before making a decision,” he added.
 

Harold Rogers, interim CEO of Coupang Korea, answers lawmakers’ questions at a joint parliamentary hearing on Coupang’s personal data leak, unfair trade practices and labor conditions at the National Assembly in Yeouido, western Seoul, on Dec. 30, 2025. [NEWS1]

 
Meanwhile, police are also investigating the suspected data leaker.
 
“The outline of the case is nearly complete, including the method of access,” said Park.
 
Although a request for cooperation was sent via the International Criminal Police Organization (Interpol) to summon the suspect, there has reportedly been no response from Interpol so far.
 
Separately, police said two individuals — the director and a staff member — at Saekdongwon, a residential facility for people with severe disabilities in Ganghwa County, Incheon, have been booked on charges of sexual abuse.
 
“We began a preliminary investigation last May and conducted a search of the facility in September,” police said.
 
“The residents have severe disabilities and limited ability to communicate, so the investigation is taking time,” said Park. “But we will conduct a thorough investigation to uncover the truth.”

This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.
BY MOON SANG-HYEOK [[email protected]]