Coupang Data Breach Widens: 165,000 More Customers Affected in 2026 Attack

The largest e-commerce retailer in South Korea, Coupang, recently revealed that yet another 165,000 consumer databases were hacked, further broadening the massive attack that took place in November 2025 which revealed more than 33 million customers, that is more than half of the population in the country.

Breach Details Emerge

It was announced on 5 February 2026 with an intensive governmental investigation that information on the breach was confirmed. The incident that was inappropriately revealed is the release of personal identifiers of the subjects 165,000 affected accounts in question, i.e. the names, telephone numbers, and residential addresses. 

Notably, there was no financial or log-in information, electronic mail accounts, and shared passwords or order histories, and with that being said, the short-term threat of fraudulent use has been alleviated.

Scale and Stakes

The scale of this breach is way bigger than the past instances, including the 2025 exfiltration of 460,000 records.

As the breach involves the contact details and addresses of a large number of citizens, the Commission plans to conduct a swift investigation and impose strict sanctions if it finds a violation of the duty to implement safety measures under the Protection Act.

As the head of the Fair Trade Commission (FTC) reiterates warnings of a possible business suspension for Coupang over its massive data breach, experts are weighing the likelihood of punitive action.

Said Song Se-ryeon, a professor of law at Kyung Hee University

If the FTC decides to suspend Coupang’s business, it would have a huge impact on the market by setting a symbolic example for major platform firms.

Road Ahead

The current Coupang CEO is currently under law-enforcement investigation on aspects related to evidence with the investigations set to continue until 2026. 

It is expected that more fines, litigation and mandatory remedial measures are going to be made. The consumers are advised to maintain a high level of awareness on frauds such as updating shared credentials and checking identity theft. 

This event highlights the growing cyber security threats experienced in Asia and pushes the regulatory agencies toward the stiffer statutory systems. A quick rebuilding of trust among people is urgently needed; otherwise it may allow other companies to capture the market share in the environment where the lack of confidence is observed.