This week’s digest covers a major data breach in South Korea that initially seemed minor but ultimately affected 33.7 million users. A dismissed IT specialist allegedly used a long-valid token to bypass security systems. The incident exposes significant weaknesses in insider threat management.

The end of 2025 is full of news on insider-related incidents. This time, new details have emerged about a breach at Coupang, the most popular e-commerce platform in South Korea. According to company officials, the leak began in June 2025 and went undetected for five months, until November.

Early in the investigation, the breach was thought to involve only about 4,500 user records. Coupang notified authorities, and a joint investigation has been underway since. As the inquiry progressed, however, it became clear that the actual number of affected individuals was significantly higher.

On 29 November, the company announced that records of 33.7 million customers had been compromised. This meant that essentially the company’s entire active user base was affected. The exposed data included:

• Names,
• Phone numbers,
• Email addresses,
• Delivery details.

Initially no information about the nature of the data breach was disclosed. Investigators later suggested that a former employee was involved. The primary suspect is a dismissed IT specialist who, according to Coupang’s chief information security officer, took a signed authentication key when leaving the company. This key became the critical weak point.

Per the company’s security policies, the token signing key validity period is set between 5 and 10 years. As a result, the former employee was able to generate as many authentication tokens and access the internal systems while bypassing security controls. The attacker avoided detection by rotating IP addresses.

This incident could potentially lead to long-term consequences. Firstly, it is the largest data breach of an e-commerce company in Korean history. Secondly, the leak affected more than half of Korea's population. The government may tighten regulations in response to a breach of this scale. Many businesses may also be forced to increase their security spending to comply with new requirements.

Finally, Coupang may face significant financial losses. Its daily active user count has already fallen by more than one million, while competitors have reported sharp increases in new users. Also, there is a possible class action lawsuit against the company. Affected individuals can seek compensation of up to $68 per person. If such a lawsuit succeeds, Coupang could face more than $2 billion in compensation costs.

The threat of disgruntled employees is a common risk for businesses. In some cases, departing staff steal customer databases; in others, they take proprietary technology or blueprints. A departing employee might intentionally erase corporate data as a form of retaliation, like Davis Lu did.

To address such threats, the SearchInform team has developed Risk Monitor, the Next-Gen Data Loss Prevention (DLP) solution. It is a unified platform for internal threat mitigation, which combines data discovery and classification, controls data transfers and file operations, and provides proactive data protection with watermarks.

On top of that, the solution provides visibility over business processes and assists with the management of corporate assets, including hardware and software. It is the next-gen protection for your organization, delivered in a single package.

Do you want to know more about how Risk Monitor can secure your company? Contact us and start a complimentary security audit today!