- Government to conduct a thorough investigation and take swift action to address public concern 

- Government urges heightened vigilance against phishing and smishing scams impersonating Coupang

- Monitoring to be strengthened against the illicit circulation of personal data online, including on the dark web

The government held an emergency meeting at the Government Complex Seoul on November 30, chaired by Deputy Prime Minister and Minister of Science and ICT Bae Kyunghoon, to ensure a swift and coordinated response to the Coupang security breach and resulting personal data leak, and to prevent any further harm to the public.

※Attendees: Deputy Prime Minister and Minister of Science and ICT (Chair); Minister of the Office for Government Policy Coordination; Chairperson of the Personal Information Protection Commission; Third Deputy Director of the National Intelligence Service; and Acting Commissioner General of the National Police Agency.

Following Coupang’s notifications on November 19 of a security breach and on November 20 of a personal data leak, the government immediately launched an on-site investigation. Preliminary findings indicate that the attacker exploited an authentication vulnerability in Coupang’s servers to obtain unauthorized access—without undergoing normal login procedures—to more than 30 million customer accounts, exposing names, email addresses, phone numbers, and delivery addresses.

To ensure a thorough investigation and prevent further damage, the government activated a Joint Public-Private Investigation Team on November 30. The Personal Information Protection Commission is focusing its investigation on whether Coupang violated its obligations to implement adequate safeguards, including access control, authorization management, and encryption.

Meanwhile, to preempt secondary harm—such as phishing or smishing attacks seeking to steal personal information or funds by exploiting the incident—the government issued a nationwide security alert on November 29. It also designated a three-month period of strengthened monitoring for the unintended or unauthorized exposure of personal data online, including on the dark web.

Deputy Prime Minister Bae Kyunghoon urged, “Please be extremely cautious of phone calls or text messages from anyone impersonating Coupang to avoid secondary harm,” and stressed that “the government will make every effort to address public concern and minimize inconvenience resulting from this incident.”

For further information, please contact the Public Relations Division (Phone: +82-44-202-4034, E-mail: msitmedia@korea.kr) of the Ministry of Science and ICT. 

Please refer to the attached PDF.