Science ministry formalizes breach findings, setting timelines for inspections and follow-on enforcement across agencies

South Korea’s Ministry of Science and ICT (MSIT) on Tuesday released the results of its joint public-private investigation into a major data breach at e-commerce platform Coupang, concluding that tens of millions of user records were exposed over several months due to failures in user authentication and internal security controls. The ministry said a former employee exploited authentication vulnerabilities to access user accounts without normal login procedures, enabling large-scale viewing of personal data including names, email addresses, delivery information and order histories.

MSIT also found that Coupang failed to meet statutory obligations following the breach, including delays in reporting the incident to authorities and violations of data-preservation orders that hindered the investigation. The ministry said it will require Coupang to submit a remediation plan this month and will conduct follow-up inspections between June and July to assess implementation. Separately, the Personal Information Protection Commission is expected to determine the final scope of personal data leakage, while law-enforcement authorities continue parallel probes.

South Korea’s Ministry of Science and ICT (MSIT) on Tuesday released the results of its joint public-private investigation into a major data breach at e-commerce platform Coupang, concluding that tens of millions of user records were exposed over several months due to failures in user authentication and internal security controls. The ministry said a former employee exploited authentication vulnerabilities to access user accounts without normal login procedures, enabling large-scale viewing of personal data including names, email addresses, delivery information and order histories.

MSIT also found that Coupang failed to meet statutory obligations following the breach, including delays in reporting the incident to authorities and violations of data-preservation orders that hindered the investigation. The ministry said it will require Coupang to submit a remediation plan this month and will conduct follow-up inspections between June and July to assess implementation. Separately, the Personal Information Protection Commission is expected to determine the final scope of personal data leakage, while law-enforcement authorities continue parallel probes.

Get your
KoreaPro
subscription today!

Unlock article access by becoming a KOREA PRO member today!

Unlock your access
to all our features.

Standard Annual plan includes:

• Receive full archive access, full suite of newsletter products

• Month in Review via email and the KOREA PRO website

• Exclusive invites and priority access to member events

• One year of access to NK News and NK News podcast

There are three plans available:
Lite, Standard and
Premium.

Explore which would be
the best one for you.

Explore membership options

© Korea Risk Group. All rights reserved.
No part of this content may be reproduced, distributed, or used for
commercial purposes without prior written permission from Korea Risk
Group.