Hacker’s Desperate Attempt to Erase Evidence in Coupang Data Breach Thwarted
In a dramatic turn of events, the individual responsible for the massive data breach at South Korean e-commerce giant Coupang attempted to eliminate incriminating evidence by discarding his MacBook Air into a river. However, this effort was in vain, as company investigators successfully retrieved the device days later, shedding light on the extent of the breach and the subsequent investigation.
The Breach Unfolds
In late November 2025, Coupang disclosed a significant security incident where unauthorized access led to the exposure of sensitive information belonging to 33.7 million customers. The compromised data included names, addresses, and phone numbers, raising immediate concerns about user privacy and data security.
Public Outcry and Government Oversight
The revelation sparked widespread public criticism, with many questioning Coupang’s response to the breach. In response, the company clarified on December 26 that their actions were conducted under strict government supervision. Beginning December 1, Coupang collaborated closely with authorities in a coordinated effort to identify and apprehend the perpetrator.
The Investigation Timeline
– December 9: Authorities directed Coupang to initiate contact with the individual responsible for the leak, providing specific guidelines for communication.
– December 14: Initial meetings with the suspect resulted in a full confession. The individual surrendered a desktop computer, multiple hard drives, and provided sworn testimony, all of which were promptly handed over to the authorities.
– December 16-17: Primary devices were secured and transferred to government analysts for thorough examination.
– December 18: Acting on further instructions, Coupang’s forensic team located and retrieved the submerged MacBook Air from the river. The device was meticulously documented and immediately delivered to the authorities.
– December 21: Additional hard drives and three fingerprinted declarations were collected and forwarded to the police.
Throughout this period, Coupang adhered to a government-imposed directive to maintain confidentiality, even as external criticism mounted regarding their perceived silence.
Company’s Stance and Public Communication
Coupang emphasized that the investigation was conducted under governmental oversight, countering claims of a self-directed probe. The company briefed officials on December 23 and updated customers on December 25, assuring full cooperation to mitigate any further harm resulting from the breach.
Compensation and Rebuilding Trust
On December 29, Interim CEO Harold Rogers announced a substantial compensation package totaling 1.685 trillion won (approximately $1.2 billion). This initiative aims to rebuild customer trust and includes:
– 50,000 won ($37) vouchers for each affected account, encompassing WOW members, cancellations, and all notified users.
Starting January 15, affected customers will receive notifications via text, granting access to four single-use coupons through the Coupang app:
– 5,000 won each for core Coupang services, including Rocket Delivery and Coupang Eats.
– 20,000 won each for Coupang Travel and luxury platform R.LUX.
Rogers expressed deep regret over the incident, stating, We deeply regret the distress caused… This is our responsible action. He pledged a commitment to transforming Coupang into a company that customers can trust, emphasizing a customer-centric approach moving forward.
Cybersecurity Implications
Experts in the field have lauded the successful recovery of the submerged MacBook Air as a significant victory against attempts to destroy digital evidence. However, the incident raises critical questions about preventive measures and the robustness of data security protocols. Coupang’s experience highlights the vulnerabilities inherent in large-scale retail operations, where a single insider breach can have far-reaching consequences.
Conclusion
The Coupang data breach serves as a stark reminder of the importance of stringent cybersecurity measures and the need for swift, transparent responses to security incidents. As the company moves forward with its compensation plan and efforts to regain customer trust, the broader industry must take note of the lessons learned to prevent similar occurrences in the future.
