The Financial Supervisory Service is reviewing indications of an external cyberattack on Coupang Pay, the electronic payment gateway (PG) affiliate that handles easy payments within Coupang. It is broadly examining possible links to Coupang, which recently suffered a leak of about 33.7 million pieces of member information. The Financial Supervisory Service plans to ask the Financial Security Institute for cooperation if signs of an external attack are found.

According to financial authorities on the 11th, the Financial Supervisory Service extended its on-site inspection of Coupang Pay, which was originally scheduled to be completed on the 5th, through this week. The move aims to further check whether the "one-ID" policy, under which signing up for Coupang automatically enrolls a user in Coupang Pay, is linked to security vulnerabilities. Until last week, the Financial Supervisory Service checked whether personal information was leaked from Coupang Pay, but it expanded the scope of the review.

Coupang headquarters in Songpa-gu, Seoul. /Courtesy of News1

The Financial Supervisory Service is said to be checking for external attacks, including the infiltration of malware targeting Coupang Pay. As of now, the Financial Supervisory Service is known to have found no signs of external attacks at Coupang Pay.

Coupang said last month that information for 33.7 million customer accounts was leaked. A former employee of Chinese nationality is currently being named as a prime suspect. The leaked information includes customer names, email addresses, address books for delivery, and some order details.

Coupang said payment information, credit card numbers, and login information were not included and that no information leak occurred at Coupang Pay, but the Financial Supervisory Service decided it could not take Coupang's word for it and began a review. If potential issues are found during the review, the Financial Supervisory Service plans to shift to an inspection and look into the details.

Financial Supervisory Service Governor Lee Chan-jin answers lawmakers' questions during a National Policy Committee hearing at the National Assembly in Yeouido, Seoul, on the 3rd regarding the Coupang personal data leak. /Courtesy of News1

Lee Chan-jin, governor of the Financial Supervisory Service, said at an emergency inquiry at the National Policy Committee on the 3rd regarding Coupang's personal information leak that the agency would closely examine related matters. At the time, Lee said, "With the 'one-ID' policy, it seems Coupang and Coupang Pay agreed in advance and came to use the platform together. We have begun an on-site inspection of Coupang Pay, and as soon as findings are confirmed, we will decide whether to proceed to an inspection and respond actively."

※ This article has been translated by AI. Share your feedback here.