Coupang, 30 million pieces of personal information leaked... Victims frequently experience smishing and identity theft incidents

As the large-scale personal information leak incident at Coupang continues to escalate, consumer anxiety is intensifying. According to recently disclosed information, approximately 33.7 million records were leaked, nearly equivalent to Coupang’s entire user account base, fueling growing concerns about secondary victimization.

Although Coupang’s official statement claims that no payment data or passwords were included in the leaked information, it has been confirmed that critical personal information such as names, emails, and addresses was exposed, significantly increasing the risk of scams and phishing. Experiences shared via online communities and social networking services (SNS) like “login activity at unusual hours” or “sudden surge in impersonation text messages” are rapidly spreading, and actual cases of harm are continuously emerging.

To prevent further damage, government agencies and the security industry are guiding users to various inquiry methods and preventive measures. The Korea Internet & Security Agency (KISA) operates the “My Leaked Information Inquiry” service, through which users can check if their account information (account, password, etc.) is circulating on the dark web or other channels. However, for general information such as names, phone numbers, and emails, separate reports from companies are required, so users should refer to each company’s announcements or leak confirmation pages.

Additionally, checking login activity provided by platforms is an important countermeasure. Major online platforms, including Coupang, offer users information about recent login times, access locations, and device details. If records from unfamiliar locations or time periods are found, or if access from unknown devices is detected, users are advised to immediately change their passwords and enable two-factor authentication. Measures should also be taken to block access from unused devices.

The recent surge in impersonation text messages and voice phishing following this leak is also noteworthy. According to statistics from the Ministry of Science and ICT and KISA, reports of impersonation text messages sharply increase within 1–3 months after major information leaks. In particular, persistent SMS attacks impersonating brands continue to cause user damage, so users should avoid installing applications from unknown sources and be cautious about clicking links in suspicious messages.

Currently, the government operates victim reporting channels by type. Personal information breaches can be reported to the KISA 118 Center, while account theft or impersonation victims can report to the National Police Agency’s cybercrime reporting system. In case of financial loss, measures can be taken through the Financial Supervisory Service’s Illegal Financial Transaction Response Center. Civil organizations have also begun collective dispute mediation applications, indicating that legal responses are fully underway.

Such large-scale information leaks serve as a wake-up call for the entire domestic digital ecosystem. It is expected that, aside from Coupang, government and consumer oversight of major platforms’ security management systems will further strengthen, and discussions on legal and regulatory reforms are both urgent and inevitable.