Overview
- Authorities confirm 33.7 million customer accounts were exposed, including names, phone numbers, emails, addresses and some order histories, while payment data and passwords were not compromised.
- Government testimony says the attacker exploited Coupang’s electronic signature key to reach internal servers from June 24 to Nov. 8, and the prime suspect is a former developer who worked on authentication systems.
- President Lee ordered tougher fines and the introduction of punitive damages, calling the undetected months-long leak shocking and directing ministries to deliver stronger privacy enforcement.
- Police are tracing IPs and an email account linked to threatening messages that urged stronger security without demanding money, and investigators are checking whether stolen data has been transferred or sold as monitoring for phishing intensifies.
- Class-action efforts accelerated this week with multiple law firms recruiting thousands of plaintiffs, and the Personal Information Protection Commission is considering a penalty that could top 1 trillion won under the Personal Information Protection Act.