At a parliamentary session Tuesday, government officials said that a breach of e-commerce giant Coupang that affected more than 30 million customers lasted from June to November. In this photo, a delivery vehicle is parked at a Coupang logistics center on Tuesday. Photo by Yonhap
A massive data breach attack against e-commerce giant Coupang Inc. that has affected over 30 million customers’ data lasted from June to November and involved the exploitation of the company’s electronic signature key, according to officials Tuesday.
“As we review all log data from July last year to November this year, we have confirmed that private data from more than 30 million accounts was leaked,” Second Vice Science Minister Ryu Je-myung said during a parliamentary session. “The attack was carried out from June 24 to Nov. 8.”
He said the attacker used Coupang’s electronic signature key, which is required to access the company’s servers.
Ryu said a police investigation is needed to identify the suspect, referring to reports of a purported former Coupang employee having emailed the company, claiming to have stolen more than 30 million items of personal information.
Coupang Chief Executive Officer (CEO) Park Dae-jun said the suspect had worked as a developer on the company’s verification system development team.
“The suspect could be an individual or multiple people,” he said during the same parliamentary session, declining to provide further details due to the ongoing police investigation.
Last week, the U.S.-listed e-commerce giant said personal information of 33.7 million customers had been compromised, indicating that personal information, including names, phone numbers, email addresses and delivery details for nearly all Coupang members, was affected.
Coupang, which provides overnight delivery of fresh food and daily necessities, is one of the most widely used shopping platforms in South Korea, with 34 million monthly active users in November, up 0.68 percent from a month earlier.
The incident has heightened public concern over the country’s overall data protection capabilities, following a series of major data leak cases this year involving companies, such as telecom giants SK Telecom Co. and KT Corp., and credit card firm Lotte Card Co.
During the session, Science Minister Bae Kyung-hoon stressed the need to implement a punitive damages system for data leaks.
“It is important to prevent a recurrence of incidents that directly harm the public and deepen concerns in the financial sector,” Bae said.
The punitive damages system is a legal mechanism that requires additional compensation beyond actual damages to punish perpetrators and prevent repeat offenses.
“The joint investigation team of the government and private sector will promptly and sternly conduct an investigation and take necessary measures,” Bae said, noting that the government will prepare a comprehensive plan, including the punitive damages system, within this year.
Copyright (c) Yonhap News Agency prohibits its content from being redistributed or reprinted without consent, and forbids the content from being learned and used by artificial intelligence systems.