Amid the Coupang personal information leak, the Financial Supervisory Service conducting an on-site inspection of its subsidiary Coupang Pay demanded stronger security for the one-ID (one-ID·managing multiple services with a single ID) policy. Coupang and Coupang Pay are linked with the same ID.

The Financial Supervisory Service said the one-ID policy did not cause the leak, but it could lead to incidents in the future. The Financial Supervisory Service plans to extend the on-site inspection of Coupang Pay and review whether the requirements are met.

According to financial authorities on the 19th, the Financial Supervisory Service extended the Coupang Pay on-site inspection, which was initially set to be completed last week, through this week. The Financial Supervisory Service reportedly ordered Coupang to introduce additional authentication steps between the process in which users are automatically signed up for Coupang Pay under the one-ID policy when joining Coupang and the payment process through Coupang Pay.

A Coupang logistics center in Seoul./Courtesy of Yonhap News

Coupang Pay reportedly accepted the Financial Supervisory Service's request and reflected the relevant changes in its IT system. The Financial Supervisory Service plans to verify through the extended on-site inspection this week whether the measures are actually being implemented.

The Financial Supervisory Service plans to closely examine whether other security issues could arise from the one-ID policy and then decide whether to further extend the on-site inspection or convert it to an examination. If the on-site inspection is converted to an examination, a more intensive probe will be conducted. The Financial Supervisory Service has so far found no indication that information was leaked from Coupang Pay.

At Coupang, information from 33.7 million customer accounts was leaked last month. The leaked information included customer names, email addresses, shipping address books, and some order information. Coupang said payment information, credit card numbers, and login information were not leaked, and no information leak occurred at Coupang Pay. However, the Financial Supervisory Service decided it could not rely solely on Coupang's claims and began inspecting Coupang Pay early this month.

An official at the Financial Supervisory Service said, "The risk assessment of the one-ID policy is largely complete," and noted, "We are additionally looking into whether there are security concerns we have not yet identified."

※ This article has been translated by AI. Share your feedback here.