Private information from more than 33 million Coupang user accounts were found to have been comprised by a former employee of the e-commerce giant, as initially estimated by the government.

Such findings by a joint government-civilian investigation team were tentatively released by the Ministry of Science and ICT on Tuesday.

Based on an analysis of 25-point-six terabytes of web access logs, the ministry verified that approximately 33-point-67 million users' names and email addresses were leaked.

The investigators said the former Chinese employee, who was in charge of the company's backup authentication system development, began to compromise user data on April 14, 2025, after recognizing weak spots in the company server three months prior.

The suspect allegedly accessed users' names, phone numbers, delivery addresses, and building passcodes approximately 148 million times, including personal information belonging to family members and friends of account holders.

The suspect is believed to have collected data via an automated web crawling device until November 8 last year, but it remains unclear whether the stolen data was sent to external cloud storage.

The joint team instructed Coupang to reinforce management of authentication key issuance and usage, as well as monitoring of abnormal logins, and to regularly inspect its fulfillment of security regulations.

Authorities plan to impose a fine against the company for reporting the cyber infringement to authorities on November 19, two days after initially learning about it, and have requested an investigation into its failure to follow an order to preserve data for analysis.