South Korean authorities are investigating a major data breach at Coupang, after a former employee allegedly accessed internal systems and stole customer data in an incident affecting tens of millions of users, according to information confirmed by the company and investigators.

The case drew widespread attention after details emerged about the suspect’s alleged attempt to destroy evidence. Following public disclosure of the breach, the accused reportedly smashed a MacBook Air believed to contain key digital evidence, placed it inside a Coupang-branded bag weighed down with bricks, and threw it into a river in an effort to prevent authorities from accessing its contents.

That effort ultimately failed.

Investigators later recovered the submerged laptop from the river. Despite extensive water damage, forensic specialists were able to extract the device’s serial number and trace it back to the suspect through an associated Apple iCloud account. Officials say the recovered MacBook became a critical piece of evidence, directly linking the former employee to the unauthorized system access.

Forensic teams also obtained additional digital evidence from other devices belonging to the suspect. According to investigators, this included scripts and technical tools allegedly used to access Coupang’s internal systems without authorization, further strengthening the case.

The breach itself has had sweeping implications. Coupang said personal data belonging to approximately 33.7 million customers may have been exposed, including names, contact details, and order histories. In response, the company announced a 1.69 trillion won (about $1.17 billion) compensation plan, offering vouchers to affected users — one of the largest such measures ever taken by a South Korean technology firm.

Coupang has emphasized that its internal review found detailed data for only around 3,000 users on the suspect’s devices, and said no payment information or financial credentials were compromised. However, officials stressed that investigations remain ongoing, and that conclusions may evolve as forensic analysis continues.

The dramatic attempt to dispose of the MacBook has become a widely cited example in cybersecurity circles of how difficult it is to eliminate digital evidence once an investigation begins. Experts note that modern devices leave extensive trails through hardware identifiers, cloud accounts, access logs, and backups — meaning physical destruction alone rarely erases all traces of activity.

The incident has also sparked government inquiries in South Korea, with regulators examining whether Coupang’s cybersecurity controls were sufficient to prevent insider threats. Lawmakers and consumer advocates have criticized the company’s security posture, calling for stronger oversight and tougher standards for protecting personal data at large technology platforms.

As the legal process unfolds, Reuters and other international media outlets continue to track the case closely, focusing on regulatory consequences, potential criminal charges, and the long-term impact on consumer trust. For many observers, the image of a laptop pulled from a river has come to symbolize a broader reality of the digital age: once data is touched, copied, or logged, it is rarely as easy to erase as people might think.