Coupang Confirms 204,552 Taiwan Users Caught in Data Breach Linked to Former Employee | Storm Media

South Korean e-commerce platform Coupang has confirmed that the personal data of 204,552 users in Taiwan was illegally accessed by a former employee of its Korean subsidiary, the company disclosed Monday, nearly three months after the breach was first made public.

Taiwan's Ministry of Digital Affairs said it has ordered Coupang Taiwan to notify all affected users, establish a dedicated customer service channel, and propose a compensation plan. A follow-up administrative inspection is scheduled for Wednesday, February 25. If violations of Taiwan's Personal Data Protection Act are found, the ministry said penalties will follow.

The breach was originally disclosed on November 29, 2025, when Coupang Korea revealed that a former employee had stolen customer account data, affecting 33.67 million users in South Korea. At the time, Coupang Taiwan told Taiwan's Department of Digital Industries (DDI) on multiple occasions that no Taiwanese user data had been compromised, while a third-party forensic investigation remained ongoing.

That assessment changed this week. On February 23, Coupang Taiwan formally notified the DDI that Mandiant, the cybersecurity firm commissioned to conduct the investigation, had confirmed Taiwanese users were affected.

According to Mandiant's findings, the former employee accessed data linked to approximately 200,000 Coupang Taiwan accounts. However, forensic analysis of all recovered devices showed that only one Taiwanese user's data — along with records from roughly 3,000 Korean accounts — was actually stored by the individual. That data has since been deleted, Mandiant said.

The compromised information is limited to names, email addresses, phone numbers, delivery addresses, and records of up to five recent orders. No financial data, passwords, or government-issued identification numbers were accessed, the company said.

Coupang Taiwan announced a compensation package totaling more than NT$200 million, with each of the 204,552 affected users to receive shopping vouchers worth NT$1,000. The vouchers will be available from March 8 through the Coupang app or at https://pages.tw.coupang.com/f/3081, and will remain valid through June 7, 2026.

The company said the access pathway exploited by the former employee was blocked and patched in November 2025. Coupang added that ongoing surveillance of the dark web, Telegram, Chinese messaging platforms, and other forums by multiple cybersecurity firms has so far found no evidence of misuse. South Korea's National Police Agency and the Korean Joint Public-Private Investigation Team have reached the same conclusion, the company said.

The DDI warned that breached personal data is frequently exploited by fraud syndicates. Common tactics include impersonating customer service agents and fabricating issues related to instalment cancellations, parcel deliveries, or refund requests. Users are advised not to click on unknown links or share passwords, verification codes, or national ID numbers with unverified contacts. Those who receive suspicious calls or messages can reach Taiwan's anti-fraud hotline at 165.

You've read it. Now let's talk. Follow us on X. Editor: Penny Wang