Coupang identifies former employee, says leaked customer data was deleted

Coupang said on Dec. 25, 2025 that forensic analysis identified a former employee as the person who accessed customer information in a breach that exposed basic details tied to roughly 33 million accounts. The company said investigators relied on forensic evidence it described as "digital fingerprints," and that the individual "confessed" and "provided a detailed account of how the breach occurred."

According to the company, the former employee used a stolen internal security key to access names, email addresses, phone numbers, home addresses and other details. Coupang said the person stored data from about 3,000 accounts and subsequently deleted that stored information. The company asserted there was no evidence the data was transferred outside the firm, saying the individual "did not transfer the data to a third party."

Coupang said it recovered all devices linked to the incident, including a hard drive. The company described one dramatic episode in which a laptop that contained part of the stored data was thrown into a river by the suspect and later recovered by divers using the suspect’s description of the disposal location. A second computer used in the incident reportedly had its stored data deleted by the individual.

The company said its internal investigators were assisted by outside cybersecurity and professional services firms, naming Mandiant, Palo Alto Networks and Ernst Young as participants in the forensic work. Those firms, Coupang said, supported the timeline and technical conclusions that led to the identification of the former employee.

South Korea’s science ministry said it is leading a joint investigation with private sector experts, and that its inquiry remains ongoing. The ministry said it had sent a "strong complaint" to Coupang over what it called the firm's "unilateral disclosure" of allegations before official confirmation by authorities. The ministry’s statement underscores a separation between the company’s findings and the current status of the state-led probe.

The episode has intensified scrutiny of corporate data protections in South Korea. Earlier in December President Lee Jae myung publicly called for tougher penalties on Coupang for what has been described as one of the country’s worst data breaches. The combination of political pressure, an active government investigation and a major consumer base potentially affected by exposed information places the company under heightened regulatory and legal risk.

Coupang has not disclosed the identity of the former employee, and no arrests or criminal charges were reported as of the company’s Dec. 25 statements. The company and the science ministry each said they would continue their respective inquiries. Coupang also said the former employee told investigators they had become "extremely nervous" or "highly distressed" after media reports about the breach and had attempted to conceal and destroy evidence.

For millions of users the immediate questions center on whether exposed information could be used for fraud or identity theft, and on the adequacy of safeguards at one of South Korea’s largest technology firms. Authorities and outside analysts are expected to focus on how the internal security key was stolen, how access controls failed, and what regulatory consequences, including potential fines or mandated reforms, may follow once official findings are released.