[Editorial] Coupang’s 33.7 Million Data Breach—How Much Longer Must We Endure This?

The state of cybersecurity management among domestic companies is alarming. Customer data managed by these firms continues to be leaked. Recently, Coupang, the nation’s largest e-commerce company, suffered a massive breach involving 33.7 million records. This incident exposed the personal information of three out of every four adults in South Korea.
Earlier this year, a major personal data leak from a leading telecommunications company caused a public outcry. Several retailers have also experienced successive data breaches involving information they managed directly. Leaked personal data can be exploited for crimes such as voice phishing, making this a grave issue. Despite repeated incidents, companies remain complacent about security management.
Customer data leaks occur through various channels. In the case of Coupang, it is believed that the breach was the work of an internal employee rather than an external hacker. Most recent data breaches in the retail sector have been caused by external hacking. The Coupang case, however, highlights that Korean companies’ security systems are vulnerable to both internal and external threats.
Individuals are forced to provide their personal information, as it is a mandatory requirement for membership. Consumers may not want to share their data with these companies, but they have no choice if they wish to use the services. This is a dilemma for individuals. Regulatory measures must be strengthened to compel companies to enhance their security management.
Hacking poses an even greater threat than insider leaks. It can have consequences that go beyond individual losses, directly impacting national security. Recently, Upbit suffered a virtual asset hack worth 44.5 billion won, believed to be the work of the Lazarus Group, a hacking organization under North Korea’s Reconnaissance General Bureau (RGB). North Korean hacking is not just about financial loss; the stolen funds may be funneled into nuclear weapons development and other illicit activities.
North Korea’s hacking of virtual assets is a direct threat to national security. According to a report by AhnLab, Inc., the Lazarus Group carried out at least 31 attacks over the past year, while another North Korean group, Kimsuky, was responsible for 27. By country, North Korea accounted for 86 cases, representing half of all Advanced Persistent Threat (APT) attacks. Not only are economic interests at risk, but even key national institutions are shaken by North Korean attacks. As hacking techniques become more sophisticated, we are left defenseless.
The higher our dependence on digital technology, the more intense cyberattacks will become. As we enter the era of Artificial Intelligence (AI), it is clear that the scale and severity of cyberattacks will only increase. South Korea, with its advanced digital infrastructure, is inevitably a prime target for international hacking groups.
It is difficult to understand why we remain so unprotected, even as we are aware of these facts. It has been a long time since major security documents from the Ministry of National Defense (MND) were compromised. Yet, nothing has changed. Every day brings news of hacking and data breaches. If we are to be a digital powerhouse, we must also become a leader in cyber defense.
Companies must completely overhaul their security management systems. Furthermore, the government must establish comprehensive measures to prevent hacking and data leaks. Although these are essential steps, both corporate and government responses have been woefully inadequate. There are also calls to strengthen the Collective Action Act and the Punitive Damages System. If a company is at fault, it is only right that it be held legally accountable.