Technology and online retail company Coupang is facing the consequences following the exposure of data from 33.7 million customer accounts. Authorities, regulators, and consumers have intensified scrutiny of the company as investigations progress and the impact of the leak becomes clearer.
Regulators launched a formal investigation after the breach was confirmed. Police said they are examining technical weaknesses and tracing the access route used to extract the data. Officials suspect that a former employee may have used an active authentication credential after leaving the company. Government agencies convened emergency meetings to review whether data protection rules were followed and whether Coupang met its obligations under national privacy law. Regulators said the firm’s compliance record and internal controls would be examined as part of the inquiry.
Public reaction has focused on the scale of the breach and the period during which the intrusion went undetected. The confirmed figure covers almost the entire user base and far exceeds the initial estimate of a few thousand affected accounts. Media commentary highlighted concerns about oversight after it emerged that the company held nationally recognised security certifications. Commentators questioned how the breach occurred despite those certifications and why internal systems did not detect the intrusion sooner.
Consumers have been advised to remain alert to phishing attempts. Security agencies warned that exposed contact information may be used to impersonate delivery services, customer support teams, or financial institutions. Agencies said the absence of leaked payment data does not eliminate risk because personal information can still support social engineering.
Legal consequences have also begun to emerge. Hundreds of customers have expressed interest in joining a class action seeking compensation for alleged harm. Lawyers representing those customers said they would examine whether the company took adequate steps to protect personal data and whether delays in identifying the breach contributed to exposure risks. Regulatory bodies said possible fines depend on the outcome of ongoing investigations and any confirmed non-compliance.
Government officials said the incident may lead to broader changes in data protection policy. They noted that repeated incidents at certified companies raise questions about the effectiveness of current compliance frameworks. Agencies are reviewing requirements for access management and employee permissions and are considering tighter oversight of large digital platforms.
Coupang stated that it has blocked the access route used in the incident and has strengthened internal monitoring. The company said it is cooperating with investigators and regulators. Authorities have indicated that further updates will follow as the inquiry progresses.