South Korean government declares emergency over Coupang cyber attack

 

South Korean government declares emergency over Coupang cyber attack.

The South Korean government convened an extraordinary ministerial summit on November 30, a public holiday, to address the extensive security breach at the e-commerce firm, Coupang (CPNG), Chosun Daily reports.

This meeting, held at the Government Complex Seoul, saw the attendance of top officials, including the Deputy Prime Minister, the Minister of Science and ICT, the head of the Office for Government Policy Coordination, and the Chairperson of the Personal Information Protection Commission (PIPC).

This incident is particularly alarming because Coupang is one of South Korea's dominant online retailers, meaning this massive data theft affects a substantial portion of the nation's consuming public, necessitating an immediate and authoritative state response.

Following Coupang’s late-night announcement on November 29 of the massive data loss, authorities immediately declared a thorough inquiry.

The Ministry of Science and ICT confirmed that their on-site inspections began following initial reports from Coupang on November 19 and November 20.

Investigators verified that threat actors leveraged authentication flaws in the company’s systems to illicitly extract data for more than 30mn customer accounts, including names, email addresses, and delivery contact details.

This suggests that the attackers bypassed standard login protocols by exploiting server vulnerabilities.