Accused data thief threw MacBook into a river to destroy evidence
Korean e-tailer Coupang claims a former employee has admitted to improperly accessing data describing 33 million of its customers, but says the accused deleted the stolen data.
In a post published on Christmas, Coupang revealed it worked with Mandiant, Palo Alto Networks, and Ernst & Young to conduct a forensic investigation into the incident, and has also secured sworn statements from the alleged perpetrator.
The investigation and testimony mean Coupang believes the perpetrator stole a security key while working at the company and later used it to access customer records.
According to Coupang’s report, the alleged perp looked up “roughly 3,000” customers’ order histories and building access codes, a data point used so delivery workers can place packages inside apartment blocks.
Investigators found the alleged perp accessed the data using a PC and a MacBook Air. The accused surrendered the PC, and investigators found the script used to run the attack on one of its hard drives.
After media reported the attack, the accused decided to destroy evidence of his activity, and therefore smashed his MacBook Air, stuffed it in a Coupang canvas bag along with some bricks, and threw it into a river.
An aside: In 2011, before joining The Register, your correspondent wrote a story about data recovery and spoke to a forensics expert who advised using salt water to destroy evidence because it does more damage to electronics than fresh water. That story may have been useful to the accused because after he revealed his actions, investigators found the laptop in the river and were able to read its serial number – which matched the serial number of the accused’s iCloud account.
Coupang’s post says the alleged perpetrator “only” retained data describing roughly 3,000 accounts, never moved it off his PC and MacBook Air, and deleted it all after seeing news reports about his actions.
“The investigative findings to date are consistent with the perpetrator’s sworn statements and found no evidence that contradicts these statements,” Coupang’s post states.
Coupang’s account of the incident suggests its impact was relatively limited, a welcome assertion as South Korea’s population is around 52 million – meaning the attack affected more than half of the nation’s residents.
Coupang remains in a world of pain. On Monday the company announced that it will give a ₩50,000 ($35) voucher to each of the 33 million customers whose data the alleged perp accessed, an effort that will cost it $1.17 billion. South Korea’s government has commissioned an inquiry into the company’s operations, which – if the data leak at Korean carrier SK Telecom is a precedent – will result in substantial fines. ®