Over the weekend, South Korean e-commerce site Coupang announced that nearly 34 million personal details of Korean users had been exposed in a data breach that persisted for over five months.

The firm stated it initially discovered the unauthorized exposure of 4,500 user accounts on November 18, but a further inquiry revealed that around 33.7 million customer accounts in South Korea had actually been compromised.

According to Coupang, the breach impacted customers’ names, email addresses, phone numbers, shipping addresses, and certain order histories. However, the company confirmed that more sensitive information such as payment details, credit card numbers, and login credentials was not affected and remains safe.

Coupang reported the incident to the Korea Internet Security Agency (KISA), the Personal Information Protection Commission (PIPC), and the National Police Agency.

As one of South Korea’s largest e-commerce platforms, Coupang also provides a rapid delivery service named “Rocket Delivery” in the nation, while operating its marketplace in Japan and Taiwan. A Coupang representative informed TechCrunch that the investigation uncovered no signs that customer data from Coupang Taiwan or Rocket Now was impacted by the breach.

“The current investigation indicates that unauthorized access to personal information commenced on June 24, 2025, using overseas servers,” the company stated. “Coupang has blocked the access route, enhanced internal monitoring, and engaged experts from a top independent security firm.”

Reports suggest that police have identified at least one suspect, a former Chinese employee of Coupang now located abroad, following an investigation that was initiated after a complaint on November 18.

This marks the latest in a series of cybersecurity challenges encountered in South Korea this year. Coupang itself has experienced multiple data breaches in prior years that exposed information of customers and delivery drivers. Previous incidents occurred between 2020 and 2021, and most recently in December 2023, when its seller management system revealed personal details of over 22,000 customers.