Vice Minister Ryu Jemyung Reveals Details at National Assembly Inquiry on December 2
Attacker's Identity to Be Determined Through Police Investigation
"Monitoring for Secondary Damage Such as Smishing to Be Strengthened"

Ryu Jemyung, Vice Minister of Science and ICT, responding. Photo by Yonhap News.

Ryu Jemyung, Vice Minister of Science and ICT, responding. Photo by Yonhap News.

View original image

The Ministry of Science and ICT confirmed during a National Assembly inquiry on December 2 that the attack period for the Coupang personal information leak incident lasted from June 24 to November 8 of this year.


On this day, Ryu Jemyung, Vice Minister of Science and ICT, stated at the Science, ICT, Broadcasting, and Communications Committee's inquiry, "The attacker exploited an authentication vulnerability on Coupang's servers to repeatedly and abnormally access and leak customer information without normal logins. During this process, the cryptographic key used to electronically sign authentication tokens for Coupang server access was abused," he explained.


Vice Minister Ryu explained, "A comprehensive log analysis determined that information was leaked from more than 30 million accounts. On November 29, the Ministry of Science and ICT and the Personal Information Protection Commission jointly developed response measures, issued an emergency press release, and took steps such as issuing a security notice to prevent secondary damage." He added, "Considering the scale of the leak and the potential harm to the public, a joint public-private investigation team was formed on November 31, and an emergency ministerial meeting was convened with related ministries, including the Ministry of Science and ICT, the Office for Government Policy Coordination, and the Personal Information Protection Commission, to discuss the response direction."


The attack period identified so far is from June 24 to November 8, 2025. During this time, more than 30 million accounts were found to have been accessed without authorization. The leaked information included customer names, emails, delivery addresses, phone numbers, and physical addresses. The government stated, "The number of affected accounts may change after a more thorough investigation."


Vice Minister Ryu also mentioned that the incident was first discovered through an external tip-off. He said, "An individual who required verification sent an email to Coupang, claiming that nearly 30 million items of personal information, including emails and delivery addresses, had been leaked." However, he drew a line by saying, "The identity of the attacker mentioned in the media and elsewhere needs to be confirmed through a police investigation."


Hot Picks Today

"If It's Uncomfortable, They Cut Ties": Three Out of Five U.S. Gen Z Have Broken Off Contact With Family or Friends in the Past Year "If It's Uncomfortable, They Cut Ties": Three O...

The government announced its plan to thoroughly investigate the circumstances of the incident and Coupang's security vulnerabilities through the joint public-private investigation team and to transparently disclose the results. In addition, given the heightened concerns about secondary damage such as smishing, the government stated, "We will continue to monitor for any secondary damage and cooperate with related agencies such as the Personal Information Protection Commission and the National Police Agency to prevent further harm."


한글 기사 보기
This content was produced with the assistance of AI translation services.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.

Today’s Briefing