Coupang issues revised notice citing 'data breach,' no signs of secondary damage

Seoul, Dec 7
E-commerce giant Coupang issued a revised notice on Sunday to clearly describe a recent incident as a data breach following a government order while noting that the police have found no evidence of secondary damage.

"An incident involving the breach of customers' personal information has occurred," Coupang said in the new notice.

"No new leakage has taken place, and this notice is intended to provide guidance on precautions to prevent further damage, such as impersonation or phishing, related to the personal information leak that we have notified since Nov. 29."

On November 29, Coupang disclosed that the personal information of 33.7 million customers -- nearly its entire user base -- had been compromised, including their names, phone numbers, email addresses and delivery details.

The data breach appears to have originated through overseas servers since June 24, according to the U.S.-listed company.

"We promptly reported the incident to relevant authorities as soon as we became aware of the breach and are currently cooperating with the Ministry of Science and ICT, the Korean National Police Agency, the Personal Information Protection Commission, the Korea Internet & Security Agency and the Financial Supervisory Service to conduct an investigation into the case," the e-commerce giant said.

Coupang said that no payment information, including credit card or bank account numbers; no login credentials, such as passwords; and no personal customs clearance codes were compromised.

Coupang said police have confirmed no cases of secondary damage using the leaked information have been identified so far.

The revised notice came four days after the Personal Information Protection Commission ordered Coupang to change its description of the incident from personal information "exposure" to "breach" and to reflect the scope of all affected information on its notice amid public criticism over the company's alleged efforts to downplay the gravity of the incident.

Meanwhile, Coupang asked its customers not to click on links from unknown sources and to report suspicious activities to related authorities.