Incident · Priv Insider

Coupang, Inc. · CPNG

Consumer Discretionary · USA · Incident November 18, 2025 · Filed December 16, 2025
Impact score
Business continuity
Insurance involved
Not disclosed
Filing
8-K · 1.05

Breach taxonomy

Priv Insider · Data Exfil · Priv Abuse · Personal Data · Info Privacy Loss

Summary

On November 18, 2025, Coupang Corp. (a Korean subsidiary of Coupang, Inc.) detected a cybersecurity incident in which a former employee may have obtained names, phone numbers, delivery addresses, email addresses, and order histories associated with up to approximately 33 million customer accounts. No banking, payment card, or login credentials were compromised, and operations were not materially disrupted. Korean regulatory authorities initiated investigations and financial penalties may result; the CEO of the Korean subsidiary resigned on December 10, 2025.

Tagging rationale

Threat · Priv Insider

Filing explicitly states 'a former employee may have obtained' customer data, directly attributing the incident to a former insider -> PRIV-INSIDER.

Methods · Data Exfil · Priv Abuse

Former employee actively collected and exfiltrated customer data from internal Coupang systems (DATA-EXFIL) by abusing their prior privileged access to those systems (PRIV-ABUSE).

Assets · Personal Data

Filing discloses the former employee obtained name, phone number, delivery address, email address, and order histories associated with up to approximately 33 million customer accounts -> PERSONAL-DATA.

Effects · Info Privacy Loss

Filing discloses unauthorized access to personal information of up to approximately 33 million customer accounts with Korean regulatory investigations initiated -> INFO-PRIVACY-LOSS.

Impact

Approximately 33 million customer records exposed including PII; Korean regulatory investigations underway with potential financial penalties; CEO of Korean subsidiary resigned; no financial losses disclosed but regulatory and litigation exposure is material -> score 4.

Insurance · Not disclosed

Filing makes no mention of insurance -> null.

Original SEC filing excerpt
Item 1.05. Material Cybersecurity Incidents. On November 18, 2025, Coupang Corp. ("Coupang Corp."), a wholly-owned Korean subsidiary of Coupang, Inc. (Coupang Corp., together with Coupang, Inc. ("Coupang, Inc.," "our," or "we") and its subsidiaries and affiliates, "Coupang,"), became aware of a cybersecurity incident involving unauthorized access to customer accounts (the "Incident"). Upon discovery, Coupang activated its incident response processes, disabled the threat actor's unauthorized access, reported the Incident to the relevant Korean regulatory and law enforcement authorities, and warned customers whose data was potentially accessed. Based on investigative findings, Coupang has determined that a former employee may have obtained the name, phone number, delivery address, and email address associated with up to 33 million customer accounts, and certain order histories for a subset of the impacted accounts. To Coupang's knowledge, the former employee has not publicly disclosed the obtained data. No Coupang customers' banking information, payment card information, or login credentials were obtained or otherwise compromised in the Incident. Coupang is continuing its investigation and has engaged external forensic experts to assist with the investigation. Korean regulators have initiated investigations with which Coupang is fully cooperating. While one or more Korean regulators will potentially impose financial penalties, at this time we cannot reasonably estimate any amount of losses or range of losses that may result from such penalties. Coupang's operations have not been materially disrupted. Coupang remains subject to various risks due to the Incident, including diversion of management's attention and potentially material financial losses resulting from the potential loss of revenue and potential higher expenses, including from remediation, regulatory penalties, and litigation. 
The former chief executive officer of Coupang Corp., our Korean subsidiary, resigned on December 10, 2025.