South Korean authorities are investigating a major data breach at e-commerce giant Coupang, which exposed the personal information of over 33 million customers, marking the country’s worst such incident in more than a decade.

The breach, believed to have started on June 24, involved overseas servers and exploited authentication vulnerabilities in Coupang’s systems.

While names, email addresses, phone numbers, shipping addresses, and order histories were leaked, payment details and login credentials were reportedly unaffected.

Coupang suspects a former Chinese employee who retained an active authentication key may have been responsible, Reuters has reported.

Over 10,000 people have expressed interest in a potential class-action lawsuit seeking compensation of roughly $68 per person.