Coupang Faces Backlash Over South Korea’s Largest Data Breach
South Korea’s dominant e-commerce giant, Coupang, is under intense scrutiny following the country’s largest-ever data breach, which exposed the personal information of over 30 million users. The incident has sparked public outrage, parliamentary hearings, and calls for stricter corporate accountability.
At a contentious hearing on Wednesday, lawmakers criticized Coupang’s leadership for failing to provide adequate explanations. Neither billionaire founder Bom Kim nor former Korean operations head Park Dae-jun—who resigned last week—attended the session. Instead, Harold Rogers, Coupang’s chief administrative officer and interim Korean unit head, faced questioning alongside lower-ranking executives.
Lawmakers accused the company of disrespecting parliament and the public, with committee chair Choi Min-hee vowing to pursue accountability, including potential new legislation to prevent executives from evading responsibility. President Lee Jae-myung condemned the delayed detection of the breach as “astonishing” and urged stronger penalties for corporate negligence.
Authorities conducted search-and-seizure operations at Coupang’s offices, collecting logs and records to investigate the breach’s cause and assess security failures. Reports of suspected phishing attempts have also raised concerns about the misuse of stolen data, which includes names, phone numbers, delivery details, and partial order histories.
In a U.S. SEC filing, Coupang stated that a former employee may have accessed the data, affecting up to 33 million accounts. The breach was disclosed on November 29, prompting a surge in daily active users as customers checked their accounts—peaking at 17.98 million on December 1—before dropping to 15.94 million by December 6.
The fallout has shaken South Korea’s e-commerce sector, with rivals like Naver Corp and Market Kurly poised to capitalize on Coupang’s weakened position. The incident has reignited debates over data protection and corporate oversight in the country.
Source: https://www.chinadailyasia.com/article/625568
Coupang Inc TPRM report: https://www.rankiteo.com/company/coupang
"id": "cou1765951054",
"linkid": "coupang",
"type": "Breach",
"date": "11/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '33 million',
'industry': 'E-commerce',
'location': 'South Korea',
'name': 'Coupang Inc',
'size': 'Large',
'type': 'Online Retailer'}],
'customer_advisories': 'Users advised to change passwords and monitor for '
'phishing attempts',
'data_breach': {'number_of_records_exposed': '33 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (Personally Identifiable '
'Information)',
'type_of_data_compromised': ['Names',
'Phone numbers',
'Delivery addresses',
'Email addresses',
'Order histories']},
'date_publicly_disclosed': '2023-11-29',
'description': "Coupang, South Korea's dominant online retailer, experienced "
"a massive data breach compromising over 30 million users' "
'personal information, including names, phone numbers, and '
'delivery details. The breach was detected months after it '
'occurred, leading to public outrage, lawmaker grilling, and '
'police investigations.',
'impact': {'brand_reputation_impact': 'Severe',
'data_compromised': 'Personal information (names, phone numbers, '
'delivery addresses, emails) and order '
'histories',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential new legislation, regulatory '
'scrutiny',
'operational_impact': 'Drop in daily active users, reputational '
'damage'},
'investigation_status': 'Ongoing (Police search-and-seizure operations, '
'internal records review)',
'post_incident_analysis': {'root_causes': 'Delayed detection, potential '
'systematic security failures'},
'references': [{'source': 'Bloomberg'},
{'source': 'South Korean Parliament'},
{'source': 'US Securities and Exchange Commission (SEC) '
'filing'},
{'source': 'IGAWorks (user data)'}],
'regulatory_compliance': {'legal_actions': 'Potential new legislation, police '
'investigation',
'regulatory_notifications': 'SEC filing (US), '
'public disclosure '
'(South Korea)'},
'response': {'communication_strategy': 'Public disclosure via SEC filing and '
'company statements',
'law_enforcement_notified': 'Yes'},
'stakeholder_advisories': 'Lawmakers warning of potential new legislation, '
'President urging stronger punitive measures',
'threat_actor': 'Former Employee',
'title': "Coupang Data Breach - South Korea's Largest Data Breach",
'type': 'Data Breach'}