Coupang maintains irresponsible stance as fallout widens

Home > Opinion > Editorials

Coupang maintains irresponsible stance as fallout widens

Published: 05 Dec. 2025, 00:00

Audio report: written by reporters, read by AI

Coupang CEO Park Dae-jun (left) listens with a tense expression as lawmakers question him about the company’s massive data leak during a full session of the National Assembly’s Science, ICT and Broadcasting Committee on Feb. 2. Second from right is Coupang CISO Brett Matthes. [LIM HYUN-DONG]

The fallout from the Coupang data breach, which exposed the personal information of 33.7 million users, continues to deepen. Not only were names, addresses and phone numbers compromised, but also apartment entrance passwords and information on customers who left the platform years ago. Reports have surfaced of abnormal login attempts, overseas payment alerts and even unauthorized high-value charges on credit cards registered to Coupang accounts. As customers leave the platform, small merchants dependent on Coupang are suffering steep declines in sales.

Despite the scale of what amounts to a national-level security incident, Coupang’s response has appeared tepid and at times dismissive. The company removed its apology from the homepage after only two days and has used the term “exposure” instead of “leak,” prompting criticism that it is minimizing responsibility. Coupang CEO Park Dae-jun told lawmakers on Dec. 3 that the company would consider compensation, but his remarks remained abstract and did not include concrete plans for relief.

The crisis has exposed structural weaknesses behind Coupang’s rapid rise to the top of Korea’s e-commerce market. Security oversight and internal controls lagged far behind its expansion. It is troubling that the company failed for five months to detect that a former employee had accessed and leaked customer data, and yet more alarming that the individual logged into the system using a signature key not even held by the corporate representative.

Coupang’s inadequate internal controls and cavalier posture are linked to regulatory conditions that helped cement its dominance. Restrictions on large retailers intended to protect small businesses unintentionally strengthened Coupang’s market position. JP Morgan even concluded in a report that customer attrition would be limited because Korea lacks major competitors and consumers are relatively less sensitive about data privacy. Such assessments reflect a market environment in which customer concerns can be dismissed too easily.

The company’s dual structure, with its operating base in Korea but parent company, Coupang Inc., incorporated in the United States, has also contributed to the problem. More than 90 percent of its revenue comes from Korea, yet founder Bom Kim stepped down from all board roles in the Korean entity once the Serious Accidents Punishment Act took effect, shielding himself from potential legal liability. Had a breach of this magnitude occurred in the United States, the company could face astronomical damages, while Korea’s penalties remain comparatively modest. Coupang has benefited from regulatory blind spots, while consumers shoulder the consequences.

Coupang founder and CEO Bom Kim [COUPANG]

The government should use this moment to strengthen accountability for data breaches and tighten oversight of major e-commerce platforms. Most of all, Coupang must abandon its dismissive posture and demonstrate responsibility through meaningful compensation, credible prevention measures and a sincere apology from corporate leadership.

This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.