Coupang Data Breach: What It Reveals About Identity Risk in Cloud Environments, and the CEO resigned

On December 1, 2025, Coupang disclosed a data breach affecting 33.7 million customer accounts, making it one of the largest publicly reported cybersecurity incidents in South Korea this year. In its public notice, Coupang stated that it identified unauthorized access to customer information on November 18, 2025, and that the activity dated back to June 24, 2025. An internal investigation is ongoing. 

What Coupang Has Confirmed

Coupang confirmed that the following customer information was exposed:

• Full names
• Phone numbers
• Email addresses
• Physical addresses
• Order-related information

The company stated that passwords, credit card information, and payment data were not exposed. The incident has been reported to South Korean authorities, including the Personal Information Protection Commission (PIPC), the National Police Agency, and the Korea Internet & Security Agency (KISA). Affected customers are being notified via email or SMS. 

Coupang has not disclosed:

• The attack method
• The identity of the attacker
• Whether malware, credential compromise, or insider activity was involved

No threat actor has claimed responsibility.

Third-Party Reporting (Unconfirmed)

The Investor, a publication of The Korea Herald, reported that the breach may have involved a former employee who retained access tokens. Other outlets have noted that they could not independently verify this information, and Coupang has not confirmed it. This detail remains unconfirmed and should not be treated as an established fact.

The Problem: Identity-First Risk in Cloud Environments

What is clear from Coupang’s own disclosure is that unauthorized access persisted for several months, during which a very large volume of customer data was accessible. This pattern aligns with broader industry data showing that identity and credential compromise are central vectors in modern breaches. A cloud security overview revealed that 80% of recent cloud incidents were linked to identity-related issues, such as excessive permissions, misconfigurations, and poorly governed identities (both human and machine), rather than traditional malware.

These industry figures reflect a persistent structural reality: access that appears legitimate can be exploited for extended periods when identity controls, visibility, and governance lag behind operational complexity.

Why Offboarding and Insider-Related Risks Matter

Poor offboarding and insider access control are recognized, measurable contributors to risk in cloud environments.

Independent data on offboarding and insider threats highlights the scope of the challenge:

• Around 59 % of companies report experiencing a data breach related to poorly managed offboarding processes.
• Only 44 % of companies ensure that all access rights are revoked within 24 hours of an employee’s departure. 
• About 20 % of data breaches involve former employees within six months of departure. 
• According to Ponemon-linked research, insider incidents (including negligent or mistaken insiders) rose to nearly 7,868 incidents in 2025, with non-malicious insiders accounting for 75 % of them. 
• Insider threats are widespread, with studies showing that many organizations report multiple insider attacks per year, and that 71 % consider themselves at least moderately vulnerable to insider threats. 

These statistics measure organizational experience with access-related risk, regardless of whether an incident is externally or internally initiated. They underscore why continuous and systematic identity governance—including on- and offboarding—is more than an administrative step; it is a core security boundary.

Identity Risk Observations Based on Confirmed Facts

Without assuming a specific attack method, the confirmed details of the Coupang breach reflect characteristics seen across many large-scale breaches:

• Extended undetected access
• Broad access to customer data once authorization exists
• Exposure of personal information rather than infrastructure destruction

These traits are consistent with gaps in identity visibility, access governance, and detection, independent of attacker identity or technique. This is not a judgment on Coupang’s controls. It is an observation grounded in incident reporting and third-party statistics about cloud-centric breaches.

Identity as a High-Impact Risk Surface

Modern cloud platforms are identity-first by design: permissions, roles, and tokens govern both human and machine access. When effective access is not continuously evaluated and validated, unauthorized sessions can remain active and go unnoticed. Industry data shows that identity-related and credential-based vectors dominate cloud security incidents, reinforcing that IAM provisioning alone is insufficient without ongoing governance and risk monitoring.

Where Unosecur Fits

This incident illustrates the type of identity risk that Unosecur is specifically designed to address, highlighting the importance of our proactive identity security platform.

At the cloud layer, Unosecur helps organizations:

• Continuously discover human and non-human identities
• Analyze granted permissions, not just configured roles
• Identify over-privileged, dormant, or risky access paths
• Reduce exposure through least-privilege enforcement

Unosecur augments IAM with Continuous Identity Security & Protection, helping teams understand how access actually functions in live cloud environments. The Coupang breach does not require speculation to be instructive. The confirmed facts combined with broader industry statistics about compromised credentials, offboarding gaps, and insider risks show how unauthorized identity-based access and lingering permissions continue to underpin large-scale data exposure events. In cloud environments, identity is not just an authentication mechanism. It is the boundary between routine operations and systemic exposure. The Coupang incident reinforces a hard truth: identity risk often exists long before it is detected. Unosecur’s free identity risk assessment helps organizations uncover hidden access risks across human and non-human identities, excessive permissions, and stale credentials in cloud environments. Schedule your free Identity Risk Assessment to gain visibility into identity risks that traditional IAM and cloud security tools often miss.

‍