Society / Crime
Societal shifts, narratives, and public-interest developments. Topic: Crime. Updated briefs and structured summaries from curated sources.
How Korea’s Amazon Just Exposed 34 Million Users’ Data | AB Explained
Full timeline
0.0–300.0
A significant data breach at Kupon exposed the personal information of over 33.7 million South Koreans, nearly two-thirds of the population. This incident raises serious concerns about corporate negligence and the vulnerability of digital systems.
- On November 30th, 2025, South Koreans received a text from Kupon about a data breach affecting their personal information
- The breach exposed the names, email addresses, and physical mailing addresses of over 33.7 million customers, nearly two-thirds of South Koreas population
- The unauthorized access to personal data began on June 24th, 2025, and lasted for almost five months before it was discovered
- Kupon, a major e-commerce platform in South Korea with an annual revenue of $30 billion, was unaware of the breach during that time
- The scale of the breach raises concerns about corporate negligence and digital vulnerability in the modern world
- More than half of South Korean adults had the Kupon app installed by 2025, indicating its cultural dominance in the e-commerce market
300.0–600.0
Bum Kim founded Kupong in South Korea, aiming to replicate the success of Groupon with a focus on daily deals. The company evolved into a fully integrated logistics and delivery operation, attracting significant investments from Softbank despite ongoing financial losses.
- Bum Kim, a Harvard dropout, aimed to create the Amazon of South Korea with his company Kupong
- Kim moved back to Seoul in 2010 to launch Kupong, inspired by the success of Groupon in the U.S
- Kupong faced stiff competition with 30 other Groupon copycats already in the South Korean market at launch
- Kim leveraged cheap Facebook advertising to gain traction, achieving $10 million in revenue and three million customers in the first year
- By 2013, Kupong pivoted to a third-party online marketplace, reaching over $1 billion in sales
- Kim decided against an IPO to transform Kupong into a fully integrated logistics and delivery company
- Softbank invested $1 billion in Kupong in 2015, followed by another $2 billion in 2018, marking the largest investment in a Korean e-commerce company
- Despite generating over $11 billion in revenue by 2020, Kupong still posted a net loss of $147 million
- Kupong went public on the New York Stock Exchange on March 11, 2021, having been incorporated in Delaware since 2010
600.0–900.0
Kupong has transformed the e-commerce landscape in South Korea by building over 100 fulfillment centers and offering rapid delivery services. The company has faced criticism for the working conditions of its delivery personnel, with 29 workers reportedly dying between 2020 and 2025 due to excessive working hours.
- The IPO raised $4.6 billion, becoming the largest US IPO of the year at that point
- Kupong built over 100 fulfillment centers across South Korea, covering more than 47 million square feet
- % of South Koreas population lives within 7 miles of a Kupong facility, enabling rapid delivery
- Kupong developed AI-powered demand prediction software to forecast neighborhood product needs
- They promised same-day or next-day delivery, with 99.6% of orders delivered within 24 hours
- million South Koreans signed up for the Kupong Rocket Wow membership for fast delivery
- In 2018, Kupong launched Dawn delivery, allowing orders placed by midnight to arrive by 7 a.m
- Critics blame excessive working hours and poor conditions for the deaths of 29 Kupong workers between 2020 and 2025
- Bum Kim stepped down as CEO of the Korean subsidiary just before the Sirius Accidents Punishment Act was passed
- A major fire at a Kupong warehouse in June 2021 raised concerns about management negligence
900.0–1200.0
Kupong's operational negligence led to a significant data breach affecting 337 million users, primarily due to a former employee's unrevoked access rights. The breach, which went undetected for nearly a year, highlights vulnerabilities in Kupong's security protocols despite its extensive data collection practices.
- Kupong required extensive data, including purchase history and personal information, to facilitate dawn delivery
- By 2025, Kupong had amassed one of the most detailed databases of consumer behavior in Korean history, making it a target for breaches
- The data breach was not due to a sophisticated cyber attack but rather operational negligence regarding employee access rights
- A Chinese national developer was hired for Kupongs authentication management system and left South Korea in July 2024 without revoking his access
- Despite leaving, the developers master keys remained active, allowing him to impersonate users and access their accounts without triggering security alerts
- The breach, affecting 337 million users, went undetected until November 16th, 2025, when the former employee threatened customers with exposure of their personal data
1200.0–1500.0
Kupong experienced a significant data breach affecting 33.7 million users, which went undetected for 147 days. The company's initial response downplayed the breach's severity, leading to public outrage and a boycott resulting in the loss of over 2 million customers.
- Kupongs data breach went undetected for 147 days, affecting 33.7 million users
- The company initially downplayed the breach, claiming only a few thousand records were compromised
- Kupongs recovery of a damaged laptop from a former employee in China was deemed ineffective by security experts
- The lack of an extradition treaty with China complicates potential prosecution of the suspect
- Kupongs failure to implement its biometric authentication system in South Korea raised concerns about its security priorities
- The media connected the data breach to Kupongs history of labor disputes and corporate negligence, leading to public outrage
- The backlash resulted in a boycott, causing a loss of over 2 million customers and the resignation of the CEO of Kupong Korea
- Bum Kims absence from government hearings angered lawmakers, who criticized his attempt to evade accountability due to his US citizenship
1500.0–1800.0
Kupong has faced backlash for its compensation plan following a significant data breach, which many consumer groups view as a marketing strategy rather than genuine support. The breach has led to substantial financial losses for the company and has exposed South Korean citizens to increased risks of phone-based fraud.
- Kim issued a written apology and promised $1.2 billion in compensation, but it was primarily in discount vouchers for Kupong services, not cash
- Consumer groups rejected the compensation plan as a marketing ploy rather than genuine support for victims
- Kupong has lost $8 billion in market capitalization and is facing multiple class action lawsuits in the U.S. for inadequate cybersecurity and misleading investors
- South Korean citizens lost over $1 trillion to phone-based fraud in just the first 10 months of 2025, surpassing the previous years total losses
- Victims are targeted by scammers an average of 56 times per year, using accurate personal information to create a sense of urgency and fear
- Scammers impersonate authorities, claiming to investigate criminal activity linked to the victims identity, pressuring them to transfer funds to a safe account
1800.0–2100.0
Scams in South Korea are increasingly sophisticated, often involving fake delivery messages that exploit personal information to deceive victims into providing financial details. The recent KuPang data breach has intensified scrutiny on the company's data security practices and the government's response compared to past breaches affecting millions.
- Victims of scams in South Korea often lose money when they voluntarily move their funds, which are then routed through multiple accounts and disappear
- A prevalent scam involves fake delivery messages that appear routine, prompting victims to click links that lead to fraudulent websites
- These scam messages often contain personal details, making them more convincing and effective
- Elderly Koreans are particularly vulnerable to phishing scams, often falling for messages from supposed family members asking for money
- Multiple data breaches in South Korea have compromised personal information on a massive scale, affecting millions of people
- The response to the KuPang data breach has been more intense than previous breaches, raising questions about the consistency of government and media reactions
2100.0–2400.0
The situation has escalated from a data breach involving Coupon into a geopolitical dispute between the United States and South Korea, with concerns over the treatment of American companies. Korean consumers are facing increased risks from phishing scams and a loss of trust in digital services as a result of this conflict.
- The South Korean government was notified of the indefinite postponement of a freight trade agreement meeting by the United States, citing concerns over Koreas treatment of American companies
- Coupon has spent $10.75 million over five years lobbying the US government, claiming it is being unfairly targeted by Korea
- A US lawmaker stated that American companies, including Coupon, are facing a campaign of aggression from the Korean government
- The situation has evolved from a data breach into a geopolitical dispute between the US and South Korea
- Korean lawmakers may face backlash from Washington if they continue to punish Coupon, which is now seen as too big to fail
- Coupon is likely to face a fine around $1 billion, which is minimal compared to its global revenue of over $30 billion last year
- Korean consumers are experiencing increased threats from phishing scams and a loss of trust in digital services due to the situation with Coupon
- There is a growing sentiment among consumers that the convenience offered by Coupon has come at a cost, leading some to return to traditional grocery shopping