South Korean authorities revealed on Tuesday that e-commerce giant Coupang, Inc. suffered a large-scale cyberattack from June to November this year, resulting in the exposure of personal data belonging to over 30 million users.

Ryu Je-myung, Second Vice Minister of Science and ICT, stated during a parliamentary session: "Analysis of all log data from July last year to November this year confirmed the leakage of personal information tied to more than 30 million accounts. The attack occurred between June 24 and November 8."

He explained that the attackers exploited Coupang’s digital signature key, which is required to access the company’s servers.

Ryu added that police must investigate to identify the suspects. Earlier reports indicated that an individual claiming to be a former Coupang employee sent emails to the company, alleging responsibility for stealing the personal data of over 30 million users.

Coupang CEO Park Dae-jun disclosed that the suspect had previously worked as a developer in the company’s authentication system development team.

During the same parliamentary session, Park stated: "The suspect could be an individual or multiple individuals." He declined to provide further details, citing the ongoing police investigation.

Last week, the U.S.-listed e-commerce company confirmed that personal information of 33.7 million customers—including names, phone numbers, email addresses, and delivery details—had been compromised, affecting nearly all Coupang members.