SEOUL, Nov. 30 (Yonhap) -- Anxiety and frustration are mounting following a massive data breach at e-commerce giant Coupang that local observers noted Sunday may have been ongoing for months.
On Saturday, the U.S.-listed company confirmed personal information belonging to 33.7 million customers -- nearly its entire user base -- had been compromised.
The breached data includes names, phone numbers, email addresses and delivery addresses. The company said payment information, credit card numbers and login credentials were not affected.
"Unauthorized access to delivery-related personal information for the affected accounts appears to have been made through overseas servers since June 24," the company said.
The government on Sunday held an emergency meeting of relevant ministries, presided over by Science Minister Bae Kyung-hoon, and vowed to conduct a thorough investigation into the incident.
"The government received a report about a data breach from Coupang on Nov. 19 and launched a probe the following day," said Bae, adding that the unidentified attacker exploited a vulnerability in Coupang's server verification process to leak the personal data of more than 30 million users.
"The private-public joint team is conducting a comprehensive investigation and devising measures to prevent further damage," he said. "Investigators are also examining whether Coupang violated security guidelines on data protection."
The police reportedly have identified at least one suspect in the case, informed sources said.
The suspect is said to be a former Chinese employee of Coupang, who is no longer with the company and has left the country, according to the sources.
The police launched an investigation into the case after receiving a complaint on Tuesday.
The company first discovered the breach on Nov. 18 and notified authorities within two days. Coupang initially reported a leak affecting approximately 4,500 customers.
As the scope of the breach proves far larger than the 4,500 accounts initially reported and extends back several months earlier than first believed, customers have expressed serious concerns about potential misuse of their compromised information.
The incident surpasses SK Telecom's data leak in April, affecting 23.2 million users, which resulted in a record fine of 134.8 billion won.
In addition, the full extent of the damage may increase as the investigation progresses. In a recent data breach case, Lotte Card initially denied on Sept. 4 that financial details had been breached, but retracted the statement two weeks later, admitting sensitive information including credit card numbers had been compromised.
Coupang offered a public apology Sunday over the data breach incident.
"We express our regret for the recent incident at Coupang that began on June 24," the company said in a statement issued under the name of its Chief Executive Officer (CEO) Park Dae-jun. "We sincerely apologize for causing significant inconvenience and concern to the public."
The company said it will make utmost efforts to strengthen its data protection and security systems and will fully cooperate with authorities to prevent further damage.