Coupang delivery camp[Yonhap News Agency file photo][Yonhap News Agency file photo]
Coupang Inc., the U.S. headquarters of the South Korean e-commerce giant, has challenged the government’s report on a data breach investigation. The company claims that key facts about the scale of the common entrance access code leak were omitted from the official announcement.
In an official statement, Coupang Inc. revealed that last year, a former employee of Chinese nationality used a self-developed program to perform about 140 million automated queries, accessing over 33 million customer accounts. However, they emphasized that only 2,609 of these accounts actually contained common entrance access codes. The company also stated that the attacker stored information from only about 3,000 users.
This contradicts the earlier announcement by the joint public-private investigative team, which reported that the former employee had conducted approximately 50,000 queries related to common entrance access codes.
Coupang Inc. asserted, “Based on Akamai security logs and user data analysis, we confirmed that only 2,609 accounts contained common entrance access codes. The government’s announcement failed to include the verification results regarding the actual number of accessed accounts.”
The company noted that this analytical data was shared with the Personal Information Protection Commission and the investigative team on December 23 of the previous year.
Coupang Inc. reported that they recovered all devices used by the former employee for forensic investigation. They claim that the evidence obtained aligns with the former employee’s sworn statement. Furthermore, they stated that the investigative team and the Personal Information Protection Commission possess analysis results showing no personal information of South Korean users was stored on the recovered devices.
The company emphasized that while the attacker accessed some common entrance access codes along with names, emails, phone numbers, shipping addresses, and limited order history, they did not gain access to highly sensitive information such as payment data, financial details, login credentials, or government-issued identification.
This was also verified through Akamai security logs, which were provided to the investigative team and the Personal Information Protection Commission on December 8 of the previous year.
Although concerns about potential secondary crimes arose following the news of the common entrance access code breach, Coupang Inc. stated that no confirmed secondary damages have been reported to date.
Coupang Inc. affirmed, “We have consistently provided relevant analytical results to the government throughout the investigation process and will continue to cooperate. We remain committed to protecting customer data, ensuring transparent information disclosure, and strengthening our protective systems to prevent future incidents.”
#CoupangInc #JointInvestigativeTeam #DataBreach
For inquiries and tips to Yonhap News TV: KakaoTalk/Line jebo23
Han Ji-i (hanji@yna.co.kr)
Most Commented