Coupang to Distribute $1.17B in Vouchers to 37.7M Users Following Data Breach

TLDR

• Coupang is set to distribute more than $1.17 billion in vouchers to customers impacted by a major data breach in South Korea.
• The breach exposed names, email addresses, residential addresses, and order histories of 37.7 million users.
• Each affected user will receive four purchase vouchers totaling 50,000 won, with distribution starting January 15, 2026.
• Coupang’s interim CEO stated the company is taking responsibility and working to restore customer trust.

South Korea’s leading e-commerce platform Coupang will issue over $1.17 billion in vouchers to compensate customers affected by the data breach. The company confirmed the breach exposed users’ names, home addresses, email accounts, and order histories. Coupang emphasized that no payment or login information was accessed during the incident.

Coupang Plans to Issue Four Vouchers Per Affected Customer

Coupang announced that around 37.7 million former and current customers will each get four separate product vouchers. The vouchers include 5,000-won credits for Coupang Eats and Rocket Delivery, plus two 20,000-won coupons for Allux and Travel. Each impacted user will receive a total of 50,000 won starting January 15, 2026.

The company noted that customers can apply for these coupons via the Coupang app when making purchases. Coupang explained the initiative aims to regain customer trust following criticism from South Korean watchdogs. Further eligibility details will be released by the company closer to the launch date.

Coupang’s interim CEO, Harold Rogers, addressed the breach and the company’s responsibility to its customers. “All executives and employees are deeply reflecting on the concern caused to our customers,” Rogers said in a statement. Coupang is now focused on accountability and transparent compensation.

Former Chinese Employee Identified as Main Suspect

South Korean authorities have named a 43-year-old Chinese national as the main suspect in the Coupang breach. Investigators revealed the suspect worked at Coupang between November 2022 and 2024 and kept access to internal systems. The individual allegedly used a digital coupon key to enter Coupang’s servers.

Investigations found the breach started in late June and continued until early November. South Korea’s Seoul National Police Agency is reviewing access logs, IP histories, and system credentials. Coupang confirmed it is fully cooperating with law enforcement.

Vice Minister Ryu Je-myung explained that the attacker exploited Coupang’s internal server system. Coupang stated it had revoked access but did not clarify why the account remained active after employment ended. The company also launched a review of its security protocols.

Coupang Faces User Decline as Rivals Gain Traffic

Following the breach, Coupang’s daily active users dropped from 17.99 million to 15.94 million between December 1 and 6. This decline was tracked by South Korea-based analytics platform Mobile Index. The drop came after a short surge as users rushed to change passwords or delete accounts.

Several users reportedly switched to rival platforms during this period. Gmarket saw its traffic rise by 5.8% from 1.36 million to 1.43 million. Meanwhile, 11th Street and Naver Plus Store experienced 14.33% and 23.1% increases respectively.

The breach reportedly affected nearly two-thirds of South Korea’s population. Coupang has urged users to avoid clicking on suspicious links or messages. The company warned of phishing attempts impersonating Coupang services.

Coupang requested customers report suspicious texts or calls to its support team. It confirmed multiple phishing incidents occurred after the breach became public. Coupang continues to monitor external threats targeting its users.

Coupang remains under investigation by South Korean authorities. The company said it will release updates on eligibility checks via the Coupang app. Compensation will begin in phases starting January 15, 2026.