South Korean e-commerce giant Coupang has issued a public apology after revealing that personal information from 33.7 million customer accounts was accessed without authorization, prompting a government probe and renewed concern about cybersecurity lapses at major firms.

In a statement posted on the company’s website, CEO Park Dae-jun acknowledged the scale of the incident, writing: "We sincerely apologise once again for causing our customers inconvenience." Authorities say the breach adds to a growing list of data leaks involving prominent businesses, including telecom operator SK Telecom.

The government convened an emergency meeting on Sunday, with Minister of Science and ICT Bae Kyung-hoon confirming that officials are examining whether Coupang failed to comply with mandatory safeguards for protecting user information. Investigators are now working with the company to determine how the intrusion occurred and whether regulatory violations were involved.

Coupang breach

Coupang has said it detected the breach on November 18 and immediately notified regulators. The firm is cooperating with law enforcement and cyber specialists as they work to trace the source of the attack. According to the company, customer names, phone numbers, shipping addresses, email contacts, and portions of order histories were exposed, though payment information and user login credentials were not accessed.

Local news agency Yonhap reported that a former Chinese employee is alleged of carrying out the unauthorized access through overseas servers. Coupang filed a police complaint earlier this month, and officers have begun an investigation into the allegations, Yonhap said.

The platform, widely regarded as the South Korean equivalent of Amazon thanks to its “Rocket” next-day delivery network, reported 24.7 million active users in the third quarter. Given its widespread use across the country, officials have issued warnings to the public. The Korea Internet & Security Agency, a state-run body, released an advisory urging those affected to remain vigilant against fraudulent messages and phishing attempts that may follow the leak.

Coupang has not provided further comment outside normal business hours.

Read more: Samsung to invest $310bln in AI, semiconductor expansion