News

Coupang Data Breach: Police Raid

×

Coupang Data Breach: Police Raid

Sebarkan artikel ini

A major data breach investigation has been launched against South Korean e-commerce giant Coupang, following the leak of personal information belonging to millions of its customers. Law enforcement officials have taken swift action, initiating a formal criminal investigation and conducting a raid on the company’s headquarters in Seoul.

Police Raid Coupang Headquarters

On the 9th, the Cyber Investigation Unit of the Seoul Metropolitan Police Agency executed a search and seizure warrant at Coupang’s headquarters located in the Songpa-gu district of Seoul. The raid involved a dedicated team of 17 investigators and was aimed at securing evidence related to the massive data leak.

According to police statements, the purpose of the raid was to “clarify key factual relationships, including the circumstances of the information leak and the responsible parties.” This suggests that investigators are focusing on determining how the breach occurred, who was involved, and whether Coupang took adequate measures to protect customer data.

Rapid Escalation of Investigation

Despite initial statements indicating a focus on analyzing materials provided by Coupang, the police escalated the matter to a full criminal investigation, including the headquarters raid, within a mere two days. This swift action underscores the seriousness with which authorities are treating the data breach.

The investigation reportedly stems from a complaint filed by Coupang itself, along with internal documents provided to the police. Based on this information, investigators have identified a former employee, a Chinese national, as a primary suspect in the data leak. The individual is suspected of unauthorized access to the information and communications network and disclosure of secrets.

Baca Juga :  Pastikan Maju Menjadi Calon Wakil Bupati “Ini Pesan Jarmin Sidik Kepada Masyarakat Natuna “

Coupang’s Initial Response

Coupang initially reported that approximately 4,500 customer accounts had been affected by unauthorized access to personal information from an external source. The company claims it became aware of the breach on the 18th of last month and filed a complaint with the police on the 25th of last month, alleging violations of the Information and Communications Network Act.

The company also stated that it promptly notified the police, the Korea Internet & Security Agency, and the Personal Information Protection Commission upon discovering the data leak.

Discrepancy in Reported Numbers

However, subsequent investigations conducted jointly by relevant agencies and Coupang’s internal teams revealed a significantly larger scale of the breach. The number of affected accounts was revised upwards to approximately 33.7 million. This discrepancy has drawn criticism, with some accusing Coupang of underreporting the severity of the incident in its initial report.

Suspect Identified as Former Employee

Coupang has identified the individual who allegedly gained unauthorized access to customer information as a former employee of the company, a Chinese national. This employee has since resigned and left the country.

It remains unclear whether the account was used directly by the former employee or if it was misappropriated by a third party. The possibility of accomplices is also under investigation.

Baca Juga :  Uang Nasabah BRI Natuna Hilang “Begini Kronologinya

Potential Consequences and Ongoing Investigation

As of now, authorities have not confirmed any secondary damages, such as smishing or phishing attacks, resulting from the Coupang data leak. However, the investigation is ongoing, and the potential for harm remains a significant concern.

A police official stated that the investigation aims to “comprehensively clarify the entities responsible for the leak, the routes through which it occurred, and the company’s managerial responsibilities based on digital evidence secured during the raid.” This suggests that the investigation will examine not only the actions of the suspected employee but also Coupang’s security protocols and data protection practices.

The investigation will likely focus on the following key areas:

  • Identifying all individuals involved: Determining whether the former employee acted alone or had accomplices.
  • Tracing the flow of information: Understanding how the data was accessed, copied, and potentially disseminated.
  • Assessing Coupang’s security measures: Evaluating the effectiveness of Coupang’s data protection systems and identifying any vulnerabilities that may have contributed to the breach.
  • Determining managerial responsibility: Examining whether Coupang took adequate steps to prevent the data leak and respond appropriately once it was discovered.

The outcome of this investigation could have significant consequences for Coupang, including potential fines, legal action from affected customers, and reputational damage. The case also highlights the growing importance of data security and the potential risks associated with handling large volumes of personal information.