South Korean e-commerce company Coupang Inc. said an expanded estimate shows about 165,000 additional user accounts were impacted in a cybersecurity breach disclosed in January 2026. The company previously reported that millions of accounts had been affected and said the expanded figure reflects an ongoing investigation into the incident.
Coupang said the additional accounts impacted were part of systems that store personal information, including names, email addresses, and mobile phone numbers. A spokesperson said the expanded estimate was identified after further forensic analysis of affected platforms and that there is no evidence of unauthorised access to financial information or login credentials. The company said it has not seen reports of misuse of data tied to the newly identified accounts.
The breach was revealed in January when Coupang reported that unauthorised access to its systems exposed personal data belonging to millions of users of its services. Company officials said the incident involved a third-party service provider’s system rather than Coupang’s core infrastructure, and that the unauthorised access was detected through routine security monitoring. Coupang said it acted promptly to isolate the affected environment and engaged external cybersecurity experts to assist with the investigation and containment.
Coupang provides online retail and delivery services across South Korea and holds personal information on users who create accounts for shopping and logistics tracking. The company reiterated that financial account details, payment card numbers, and passwords were not accessed in the breach. It said multifactor authentication and other safeguards protecting customer accounts remained intact.
Officials said the expanded impact figure was communicated to affected users, along with advice on how to recognise and avoid phishing or other suspicious communications. Coupang said it has offered complimentary credit monitoring services to eligible customers and is working with law enforcement authorities as the investigation continues. Users were also reminded to update passwords and review account security settings.
Cybersecurity analysts said it is common for breach impact figures to be revised as investigations progress and more compromised accounts are identified. Online companies may continue to refine their understanding of incidents as forensic analysis uncovers further evidence of unauthorised access. Coupang said it will provide updates if additional affected users are identified.