Seoul, South Korea – The South Korean government held an emergency meeting today, the 30th of this month, chaired by Deputy Prime Minister and Minister of Science and ICT, Bae Kyung-hoon. This followed the revelation of a large-scale leak of personal information from the major e-commerce platform Coupang. The incident has been described as one of the most serious data breaches in the country’s history.
Government apology and immediate investigation
At the start of the meeting, held at the government complex in Seoul, Bae expressed his “deep regret” over the security breach at a company whose platform is used by millions of citizens. He noted that the government received the first report of the incident on the 19th of this month and launched an on-site investigation on the 20th immediately after receiving the report of the leak.
A government statement revealed that the initial investigation showed the attacker exploited a vulnerability in the authentication system of Coupang’s servers. This allowed him to leak data from more than 30 million customer accounts without requiring legitimate login. The leaked data included customer names, email addresses, forwarding phone numbers, and addresses.
Activating a joint task force and tightening monitoring
The Deputy Prime Minister confirmed the activation of a joint public-private sector task force, starting today, to conduct a comprehensive investigation into the incident. This is aimed at limiting the spread of damage. He also indicated that authorities are examining whether Coupang violated its legal obligations regarding personal data protection measures.
The government issued a general security alert to prevent potential secondary damage, such as identity theft or financial fraud through phishing attacks and text messages that could exploit the breach, according to South Korea’s Yonhap News Agency.
A strict three-month monitoring period will be implemented to track any leaks or illegal distribution of personal information online.
The discrepancy in the leaked figures
The closed-door meeting was attended by Coupang CEO Park Dae-joon, who presented a report explaining the circumstances of the incident and the company’s response plans.
Coupang initially announced on the 19th of this month that the leak affected only 4,536 accounts. However, a subsequent government investigation revealed that the true extent of the breach was 33.79 million accounts, leading to increased concern and urgent government measures.
Due to the seriousness of the incident and the wide scope of the leak, the Ministry of Science and Information and Communications Technology announced the formation of a joint public-private sector investigation team. The goal is to analyze the causes of the breach and develop mechanisms to prevent its recurrence in the future.
