Coupang, which has suffered a massive personal data breach of more than 30 million cases, was found to have even received an email threatening to disclose the leak, saying it "holds members' personal information." Police are tracking whether the sender is the same person as the actual data thief.
The Cyber Investigation Unit 2 of the Seoul Metropolitan Police Agency said on the 30th that Coupang confirmed it had received an email saying, "If you do not strengthen security, I will inform the media of the leak." There was no demand for money. Police are focusing investigative resources on whether the sender is the same person who siphoned off Coupang user information.
Coupang initially said on the 18th that it recognized the exposure of personal information from about 4,500 accounts, but a follow-up probe found the number of leaked accounts had expanded to 33.7 million. Customer names, emails, and delivery address books were included, and the company said payment information and login information were not leaked.
Police launched a pre-booking inquiry on the 21st, then on the 25th received a complaint from Coupang against an "unidentified person" on suspicion of intrusion into the information and communications network, converting it into a formal investigation. On the 28th, police finished interviewing the Coupang complainant and are analyzing related materials, including server logs the company voluntarily submitted.
Acting Commissioner Yoo Jae-sung said at an emergency meeting of related ministries at Government Complex Seoul, "Because many people have been harmed, we will investigate thoroughly and quickly arrest the suspect."
Meanwhile, some allege that a China-national employee who worked at Coupang was involved in the data leak, but police are maintaining a cautious stance, saying no facts have been confirmed.