Society / Crime
Data Breach at Kupon
Follow crime trends, public safety developments and social risk signals through structured summaries from curated media and analysis sources.
Source material: How Korea’s Amazon Just Exposed 34 Million Users’ Data | AB Explained
Key insights
- On November 30th, 2025, South Koreans received a text from Kupon about a data breach affecting their personal information
- The breach exposed the names, email addresses, and physical mailing addresses of over 33.7 million customers, nearly two-thirds of South Koreas population
- The unauthorized access to personal data began on June 24th, 2025, and lasted for almost five months before it was discovered
- Kupon, a major e-commerce platform in South Korea with an annual revenue of $30 billion, was unaware of the breach during that time
- The scale of the breach raises concerns about corporate negligence and digital vulnerability in the modern world
- More than half of South Korean adults had the Kupon app installed by 2025, indicating its cultural dominance in the e-commerce market
Perspectives
Analysis of Kupon's data breach and its implications.
Kupon's Negligence and Impact
- Exposes personal information of over 33.7 million South Koreans
- Underestimates the severity of the data breach initially
- Attempts to downplay the breachs impact leads to public outrage
- Faces backlash for inadequate compensation plan for victims
- Criticizes labor practices leading to worker deaths
Corporate Defense and Lobbying
- Claims unfair targeting by Korean lawmakers due to being a US company
- Engages in lobbying efforts to influence US government perceptions
- Argues that previous data breaches faced less severe consequences
Neutral / Shared
- Data breach raises questions about cybersecurity protocols
- Increased risks of phishing scams for South Korean citizens
- Public trust in digital services erodes due to corporate negligence
Metrics
customers_affected
33.7 million people
total number of customers whose data was exposed
This figure represents a significant portion of the South Korean population, indicating widespread impact.
the sum of their customers whose personal data was stolen was over 33.7 million South Korean customers
population_affected
52 million people
total population of South Korea
The breach affected nearly two-thirds of the entire population, highlighting the scale of the incident.
nearly two-thirds of the entire Korean population of 52 million
company_revenue
$30 billion USD
annual revenue of Kupon
As a major player in the e-commerce market, Kupon's financial health could be jeopardized by this breach.
Kupon, one of the most valuable companies not just in South Korea, but also in Asia with an annual revenue of $30 billion US dollars
ecommerce_market_size
$150 billion USD
size of the South Korean e-commerce market
The size of the market underscores the competitive landscape and the stakes involved for Kupon.
the fifth largest e-commerce market in the world that's worth over 150 billion US dollars
revenue
$10 million USD
first year revenue
Initial revenue indicates strong market entry and customer acquisition.
$10 million in revenue and signed up three million customers.
sales
over $1 billion USD
sales by 2013
Signifies a successful pivot to a third-party online marketplace.
crossed $1 billion in sales.
annual_revenue_growth
91%
year-over-year revenue growth by 2020
Reflects strong growth trajectory in a competitive market.
generating over $11 billion in annual revenue, a 91% increase year over year.
ipo
$4.6 billion USD
amount raised in the IPO
This significant capital influx positions Kupong as a leader in the e-commerce sector.
The IPO raised $4.6 billion and became the largest US IPO of the year at that point.
Key entities
Timeline highlights
00:00–05:00
A significant data breach at Kupon exposed the personal information of over 33.7 million South Koreans, nearly two-thirds of the population. This incident raises serious concerns about corporate negligence and the vulnerability of digital systems.
- On November 30th, 2025, South Koreans received a text from Kupon about a data breach affecting their personal information
- The breach exposed the names, email addresses, and physical mailing addresses of over 33.7 million customers, nearly two-thirds of South Koreas population
- The unauthorized access to personal data began on June 24th, 2025, and lasted for almost five months before it was discovered
- Kupon, a major e-commerce platform in South Korea with an annual revenue of $30 billion, was unaware of the breach during that time
- The scale of the breach raises concerns about corporate negligence and digital vulnerability in the modern world
- More than half of South Korean adults had the Kupon app installed by 2025, indicating its cultural dominance in the e-commerce market
05:00–10:00
Bum Kim founded Kupong in South Korea, aiming to replicate the success of Groupon with a focus on daily deals. The company evolved into a fully integrated logistics and delivery operation, attracting significant investments from Softbank despite ongoing financial losses.
- Bum Kim, a Harvard dropout, aimed to create the Amazon of South Korea with his company Kupong
- Kim moved back to Seoul in 2010 to launch Kupong, inspired by the success of Groupon in the U.S
- Kupong faced stiff competition with 30 other Groupon copycats already in the South Korean market at launch
- Kim leveraged cheap Facebook advertising to gain traction, achieving $10 million in revenue and three million customers in the first year
- By 2013, Kupong pivoted to a third-party online marketplace, reaching over $1 billion in sales
- Kim decided against an IPO to transform Kupong into a fully integrated logistics and delivery company
10:00–15:00
Kupong has transformed the e-commerce landscape in South Korea by building over 100 fulfillment centers and offering rapid delivery services. The company has faced criticism for the working conditions of its delivery personnel, with 29 workers reportedly dying between 2020 and 2025 due to excessive working hours.
- The IPO raised $4.6 billion, becoming the largest US IPO of the year at that point
- Kupong built over 100 fulfillment centers across South Korea, covering more than 47 million square feet
- % of South Koreas population lives within 7 miles of a Kupong facility, enabling rapid delivery
- Kupong developed AI-powered demand prediction software to forecast neighborhood product needs
- They promised same-day or next-day delivery, with 99.6% of orders delivered within 24 hours
- million South Koreans signed up for the Kupong Rocket Wow membership for fast delivery
15:00–20:00
Kupong's operational negligence led to a significant data breach affecting 337 million users, primarily due to a former employee's unrevoked access rights. The breach, which went undetected for nearly a year, highlights vulnerabilities in Kupong's security protocols despite its extensive data collection practices.
- Kupong required extensive data, including purchase history and personal information, to facilitate dawn delivery
- By 2025, Kupong had amassed one of the most detailed databases of consumer behavior in Korean history, making it a target for breaches
- The data breach was not due to a sophisticated cyber attack but rather operational negligence regarding employee access rights
- A Chinese national developer was hired for Kupongs authentication management system and left South Korea in July 2024 without revoking his access
- Despite leaving, the developers master keys remained active, allowing him to impersonate users and access their accounts without triggering security alerts
- The breach, affecting 337 million users, went undetected until November 16th, 2025, when the former employee threatened customers with exposure of their personal data
20:00–25:00
Kupong experienced a significant data breach affecting 33.7 million users, which went undetected for 147 days. The company's initial response downplayed the breach's severity, leading to public outrage and a boycott resulting in the loss of over 2 million customers.
- Kupongs data breach went undetected for 147 days, affecting 33.7 million users
- The company initially downplayed the breach, claiming only a few thousand records were compromised
- Kupongs recovery of a damaged laptop from a former employee in China was deemed ineffective by security experts
- The lack of an extradition treaty with China complicates potential prosecution of the suspect
- Kupongs failure to implement its biometric authentication system in South Korea raised concerns about its security priorities
- The media connected the data breach to Kupongs history of labor disputes and corporate negligence, leading to public outrage
25:00–30:00
Kupong has faced backlash for its compensation plan following a significant data breach, which many consumer groups view as a marketing strategy rather than genuine support. The breach has led to substantial financial losses for the company and has exposed South Korean citizens to increased risks of phone-based fraud.
- Kim issued a written apology and promised $1.2 billion in compensation, but it was primarily in discount vouchers for Kupong services, not cash
- Consumer groups rejected the compensation plan as a marketing ploy rather than genuine support for victims
- Kupong has lost $8 billion in market capitalization and is facing multiple class action lawsuits in the U.S. for inadequate cybersecurity and misleading investors
- South Korean citizens lost over $1 trillion to phone-based fraud in just the first 10 months of 2025, surpassing the previous years total losses
- Victims are targeted by scammers an average of 56 times per year, using accurate personal information to create a sense of urgency and fear
- Scammers impersonate authorities, claiming to investigate criminal activity linked to the victims identity, pressuring them to transfer funds to a safe account