Home > Business > Industry

Privacy regulator demands Coupang re-notify users of data breach as personal information 'leak'

Published: 03 Dec. 2025, 13:54

A text message from Coupang, notifying a user of personal information being "exposed" in a recent data breach, is seen in this photo taken on Dec. 1. [YONHAP]

The Personal Information Protection Commission (PIPC) said on Wednesday that e-commerce giant Coupang did not properly notify its customers of its recent major data breach and demanded a corrected notification, specifying personal information “leak,” not an “exposure” of such data.

The data protection regulator made the decision during an emergency meeting after Coupang announced last week that the personal information of 33.7 million customers — including names, addresses and phone numbers — had been compromised.

While Coupang notified affected users of the breach, the company merely described it as personal information being “exposed” when it had actually been “leaked,” according to the PIPC.

The regulator said that Coupang also partially omitted stating which kinds of data had been affected and announced the breach on its website for only one to two days.

It ordered the company to notify affected customers again of the leak; advise them of data protection measures, such as changing their passwords; reinspect steps to prevent harm to customers; then submit the results of the measures to the PIPC within one week.

"[We] will swiftly and thoroughly investigate the circumstances [and] scope [...] of Coupang's personal information leak, as well as violations of safety duties, and impose strict punishments if violations are found,” the regulator said in a release.

Meanwhile, the PIPC said on Sunday that it strengthened its monitoring of illegal distribution of personal information on the internet and dark web, which will last for three months.

Yonhap