E-commerce giant Coupang received anonymous emails threatening to disclose a major data breach that compromised the personal information of 33.7 million users, police said Monday.
Police confirmed that they have identified two separate email accounts used to send the messages, one to Coupang customers on Nov. 16 and another to the company’s customer service center last Tuesday. The emails reportedly claimed to possess customer data and warned that the breach would be made public unless Coupang improved its security measures.
No ransom or financial demands were included in the messages.
The suspect behind both the data breach and the threatening emails is believed to be a former Coupang employee who previously worked in the company’s authentication and access management systems. Coupang filed a criminal complaint with police on Tuesday against an unidentified individual. While industry sources say the investigation has since focused on a former employee of Chinese nationality, police said no details have been confirmed at this stage.
At a regular press briefing, an official from the Seoul Metropolitan Police Agency said the department had obtained server log data from Coupang.
“We are currently analyzing server log records obtained from Coupang,” the official said. “The IP address used in the attack has been identified and is under active investigation.” The official added that international cooperation is underway to trace the source.
Investigators are also working to confirm the suspect’s nationality, current location and if the individual who sent the threatening email is the same person responsible for the breach. They will conduct a digital forensic investigation to determine whether the stolen personal data may have already been transferred or sold to a third party.
As of press time, no secondary harm, such as voice phishing, has been reported.
minmin@heraldcorp.com
