Coupang, South Korea’s leading retailer, has announced a massive compensation package of $1.17 billion (1.685 trillion Won) for the 33.7 million customers affected by a data breach revealed last month.

The compensation process will begin on January 15, 2026, and will encompass all Coupang customers, including both WOW and non-WOW members, as well as those who have since canceled their membership.

“Each customer will be awarded four single-use purchase vouchers totaling 50,000 won [approximately $34]. These vouchers can be used for all Coupang products, including Rocket Delivery, Rocket Overseas, Seller Rocket, Marketplace (5,000 won), Coupang Eats (5,000 won), Coupang Travel products (20,000 won), and R.LUX products (20,000 won),” the company stated.

The company’s goal is to regain customer trust in the wake of the data breach that was initially discovered on June 24 but only revealed in mid-November.

Coupang is a U.S.-based technology and online retail company operating in the South Korean market, employing approximately 95,000 individuals and generating over $30 billion in annual revenue.

This data breach ranks among the most severe in South Korean history, exposing the names, emails, physical addresses, and order details of 33.7 million individuals. The incident prompted the national police to take control of the investigation.

Authorities have identified a 43-year-old Chinese man as the main suspect, who had been part of Coupang’s IT department from November 2022 until part of 2024, when he left the company.

A recent update from Coupang revealed that they engaged the former employee earlier this month, had a meeting with him, and successfully retrieved his desktop computer’s hard drives, which contained the compromised data.

A MacBook Air belonging to the suspect was also found in a river, where he disposed of it in an effort to eliminate evidence.

According to current investigative findings, supported by Mandiant, Palo Alto Networks, and Ernst & Young, the suspect accessed 33 million accounts but retained sensitive data from about 3,000 accounts.

Coupang has asserted that the former employee did not share this data with any third parties and subsequently deleted it from his devices as well.

Weak IAM poses not just an IT challenge; it affects every sector of your business.

This practical guide explores why conventional IAM methods fail to meet modern demands, illustrates examples of effective IAM practices, and provides a straightforward checklist for developing a scalable strategy.

Get the guide