Coupang, the largest retailer in South Korea, announced $1.17 billion (1.685 trillion Won) total compensation for the 33.7 million customers whose information was exposed in the data breach discovered last month.
The compensation will be provided gradually, starting on January 15, 2026, to all Coupang customers, including WOW and non-WOW members, as well as those who canceled their membership.
“Coupang will provide each customer with four single-use purchase vouchers totaling 50,000 won [around $34]: all Coupang products, including Rocket Delivery, Rocket Overseas, Seller Rocket, and Marketplace (5,000 won), Coupang Eats (5,000 won), Coupang Travel products (20,000 won), and R.LUX products (20,000 won),” the company says.
The company aims to restore customer trust following a data breach that occurred on June 24, but it was discovered only in mid-November.
Coupang is a U.S.-based tech and online retail company that operates in the South Korean market. It employs 95,000 people and has an annual revenue of more than $30 billion.
The breach was one of the worst in South Korea’s history. It exposed names, email addresses, physical addresses, and order information of 33.7 million Koreans, and prompted the national police to take over the investigation.
According to the authorities, the primary suspect is a 43-year-old Chinese national who worked for the retail giant in the IT department between November 2022 and up to some point in 2024, when he left the firm.
An update from Coupang earlier this week explains that it contacted the former employee directly earlier this month, met with them, and eventually recovered their desktop computer’s hard drives containing the sensitive data.
A MacBook Air laptop belonging to the suspect was also recovered from a river, where they disposed of it in an attempt to destroy evidence.
Source: Coupang
Based on current information from the investigation, aided by Mandiant, Palo Alto Networks, and Ernst & Young, the perpetrator accessed 33 million accounts but retained user data from approximately 3,000.
Coupang says that the former employee did not transfer any of this data to others, and he subsequently deleted it from his devices as well.
Broken IAM isn’t just an IT problem – the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what “good” IAM looks like, and a simple checklist for building a scalable strategy.
