Coupang delivery trucks parked at the company's logistics center in Seoul, Aug. 6 / Yonhap
U.S.-listed e-commerce giant Coupang Inc. said Saturday it has confirmed personal information from 33.7 million customer accounts was exposed, far higher than the 4,500 accounts initially believed to be affected.
The updated figure suggests that nearly all Coupang customers may have had personal information -- including names, phone numbers, email addresses and delivery addresses -- compromised.
However, the company said payment information, credit card numbers and login credentials were not accessed.
"Unauthorized access to delivery-related personal information for the affected accounts appears to have been made through overseas servers since June 24. The access route has been blocked and internal monitoring strengthened," Coupang said in a press release.
The company said it is conducting a joint investigation with security experts and is cooperating with law enforcement and regulatory authorities.
Coupang apologized for the incident and urged customers to be cautious about phone calls, text messages or other communications impersonating the company.
Given that active users in Coupang's Product Commerce division -- which includes its delivery service -- reached 24.7 million in the third quarter, the scale of the leak indicates that nearly the entire user base may have been affected.
On Nov. 20, Coupang initially reported a data leak involving about 4,500 customers, saying at the time that it had found no evidence of unauthorized access to payment information or intrusion into its systems or internal network.