A former Coupang employee accessed personal data on 33.7 million customer accounts of South Korea's largest e-commerce platform. Coupang announced a $1.17 billion compensation plan; its head of Korean e-commerce resigned.
Yandex's food-delivery service Yandex.Eda leaked the names, phone numbers, addresses, intercom codes and order details of more than 58,000 customers, which were later mapped onto an interactive public website. Russian regulator Roskomnadzor opened a case and a Moscow court fined the company 60,000 rubles.
Yandex disclosed that one of three administrators with privileged access to its email service had been selling unauthorized access to user mailboxes, compromising 4,887 inboxes before the company's internal security team detected the abuse during a routine review.
Insiders at the Dutch municipal health service GGD stole personal data β including BSN national ID numbers β from the CoronIT and HPzone COVID-19 systems and sold it on Telegram, Snapchat and Wickr for β¬30-β¬60 per person.
An insider at Desjardins β the largest financial cooperative in Canada β exfiltrated personal data on 9.7 million members and businesses over two years before being caught. The defining Canadian insider-threat case.
A contractor's system engineer copied 35 million customer records from Japanese education giant Benesse onto a personal device and sold them to data brokers β the largest insider data theft in Japanese history, triggering a Β₯20 billion compensation programme.
A contractor at the Korea Credit Bureau copied the card and identity data of about 20 million customers of KB Kookmin, Lotte and NH Nonghyup card firms onto a USB drive and sold it β one of the largest financial-data thefts in South Korean history.
Victim
Korea Credit Bureau (KCB) / KB Kookmin, Lotte, NH Nonghyup card units