A former Coupang employee attempted to destroy evidence of a massive data breach by smashing his MacBook Air and throwing it into a river, only to have investigators recover the device days later. The South Korean e-commerce giant revealed the dramatic details in a December 25 update on the incident affecting 33.7 million customers.
The perpetrator smashed the laptop, placed it in a Coupang canvas bag loaded with bricks, and threw the package into a nearby river according to sworn testimony. Divers recovered the submerged MacBook Air using maps and descriptions provided by the former employee, with its serial number matching records from the accused's iCloud account.
Coupang's investigation with Mandiant, Palo Alto Networks, and Ernst & Young found the former staffer accessed data from 33 million accounts but retained information from only about 3,000 customers. The stolen data included order histories and building access codes used by delivery personnel, but no payment details or login credentials were compromised.
The company announced a 1.685 trillion won ($1.17-1.2 billion) compensation package for affected customers, equivalent to 50,000 won ($35-37) per account. Voucher distribution begins January 15, 2026, covering Coupang's marketplace, food delivery, travel, and luxury services.
Forensic analysis confirmed the perpetrator used a personal desktop PC and the MacBook Air to access customer data, with attack scripts discovered on hard drives surrendered to investigators. The former employee reportedly stole an internal security key while still working at the company and maintained access after his contract ended.
Coupang interim CEO Harold Rogers expressed deep regret for the incident, stating the company would "transform into a company customers trust." The breach prompted the resignation of former CEO Park Dae-jun in mid-December amid widespread criticism of the company's initial response.
South Korea's government has launched a formal inquiry into Coupang's security practices, with potential substantial fines expected based on precedents involving other major Korean corporations. In August 2025, SK Telecom faced a 134 billion won ($96.5 million) fine after a cyberattack affected 27 million users.
Despite the laptop's submersion in fresh water, forensic teams successfully documented evidence from the recovered device before handing it over to government investigators. The company emphasized its investigation was conducted under daily government oversight starting December 1, countering claims of inadequate supervision.
Coupang shares rose 6% following the update confirming the breach's limited impact, though legal challenges including a U.S. class action lawsuit continue to pose financial risks. The incident affected more than half of South Korea's 52 million residents, highlighting the scale of insider threats in cloud-scale retail operations.
The failed destruction attempt underscores the challenges of permanently erasing digital evidence, with forensic experts noting that salt water causes more damage to electronics than fresh water. Cybersecurity analysts view the device recovery as a significant victory against data destruction tactics in corporate investigations.
