Coupang(US:CPNG) Insurance Journal·2026-02-10 10:17Core Insights - The South Korean government attributed a significant data leak at Coupang to management failures rather than a sophisticated cyberattack, urging the company to enhance its security systems [1][3]. Investigation Findings - A government-led probe revealed that a former Coupang engineer exploited flaws in the authentication process, leading to unauthorized access from April to November, with prior attempts in January [2][4]. - The breach compromised personal data of approximately 33.7 million customers, including names and phone numbers [4]. Company Response - Coupang stated it would take necessary measures to prevent future incidents and claimed that the data accessed did not include payment or login information [5][6]. - The company acknowledged that data from around 3,000 user accounts was deleted and asserted that no secondary harm had occurred [6]. Security Concerns - The ministry criticized Coupang for inadequate security measures, particularly for failing to invalidate the signing key of the former employee who had access to the authentication system [7][8]. - Recommendations were made for Coupang to implement a detection and blocking system for unauthorized electronic access [8]. Legal and Regulatory Issues - Coupang is facing a tax audit and a legal complaint from the South Korean parliament due to non-compliance with parliamentary hearings [10]. - The company is also accused of violating information-network laws by not reporting the breach within the mandated 24-hour period, which could result in an administrative fine of up to 30 million won (approximately $20,596) [11].