South Korea's Personal Information Protection Commission (PIPC) said Wednesday it is conducting a thorough investigation into the additional personal data breach at Coupang (CPNG).
The commission said Coupang reported at 4:02 p.m. the same day that 165,000 additional member accounts were found to have been compromised during a review of delivery address records, beyond the 33.7 million accounts previously identified.
The newly reported breach involves delivery information entered by holders of 165,455 accounts, including names, phone numbers, and addresses.
Under Korea's Personal Information Protection Act, data processors must notify affected individuals without delay upon discovering a breach. The commission said it has recommended since the initial breach last year that Coupang notify all individuals whose information was included in the delivery address records.
"We plan to rigorously verify the additional breach reported by Coupang through our investigation process," the commission said. "We are currently conducting a thorough probe with the public-private joint investigation team to determine the exact scale and circumstances of the breach, covering both Coupang members and non-members."