Home > Business > Industry

Coupang files probe results with SEC as Korean gov't protests

Published: 30 Dec. 2025, 17:40 Updated: 30 Dec. 2025, 19:18

Coupang interim CEO Harold Rogers swears an oath before appearing at a National Assembly hearing on the Coupang data breach at the National Assembly building in Yeouido, western Seoul, on Dec. 30. [YONHAP]

Coupang pushed ahead with the findings of its investigation of a recent data breach by filing them with the U.S. Securities and Exchange Commission (SEC) on Monday, despite the Korean government's refusal to acknowledge the results.

The New York-listed e-commerce company detailed the findings of its internal investigation into a large-scale personal data breach, which reduced the number of customers affected, and its proposed compensation plan for affected users in its disclosure to the SEC.

The filing, made through the SEC’s Electronic Data Gathering, Analysis and Retrieval system, included a statement signed by Harold Rogers, the Korea CEO of Coupang and chief administrative officer and general counsel of its U.S.-based parent company, Coupang.

“The investigation to date indicates that while approximately 33 million accounts were accessed, the perpetrator only saved limited data from approximately 3,000 customer accounts, and such customer data has been deleted without having been shared with a third party,” the disclosure, signed by Rogers, stated.

But the Korean government strongly objected to Coupang’s announcement last Thursday, expressing regret and frustration over what it called a “unilateral statement.”

The Ministry of Science and ICT quickly responded, saying that Coupang’s statement had not been verified by the government-led joint investigation team.

A disclosure filed by Coupang to the U.S. Securities and Exchange Commission (SEC) EDGAR system [SCREEN CAPTURE]

The Seoul Metropolitan Police Agency also said it was still analyzing the testimony and digital devices provided by Coupang and that a thorough investigation was ongoing.

Coupang’s SEC disclosure did not mention these objections, but it did include the company’s press release on Friday defending itself against accusations of a “self-investigation.”

“The investigation was not internal but conducted over several weeks under government instructions,” Coupang said in the release on Friday. “Ongoing misreporting that the investigation lacked oversight is creating unwarranted public anxiety.”

The company also claimed that it contacted the alleged leaker at the government’s suggestion, retrieved the suspect’s desktop and hard drives, and turned them over to the authorities. It added that it had also secured the suspect’s laptop and conducted a forensic analysis before handing it over to the government.

A National Assembly session on the Coupang personal information data breach is being held at the National Assembly building in Yeouido, western Seoul, on Dec. 30. [KIM SEONG-RYONG]

The disclosure also revealed that Coupang will launch a customer compensation program offering vouchers worth 1.685 trillion won ($1.17 billion) to users, who were notified of the breach in late November. The vouchers will be usable when making purchases on Coupang.

Coupang explained that the cost of the coupons will be deducted from each transaction's sales revenue, suggesting the company’s intention to inform investors of the expected financial impact.

However, the compensation package — which offers each affected user 50,000 won in vouchers — was immediately met with criticism.

The vouchers are divided into 5,000 won for Coupang’s general marketplace, 5,000 won for Coupang Eats, 20,000 won for Coupang Travel and 20,000 won for Coupang R.LUX.

Critics accused the company of bait marketing, saying the low amount for the main marketplace — the platform most used by customers — was designed to drive additional spending by offering high-value coupons for pricier services.

Despite mounting criticism and rising tensions with the Korean government, Coupang proceeded with the SEC filing — likely due to concerns about violating SEC rules if it failed to disclose such a financially significant issue on time.

A Coupang delivery truck is seen parked in front of a logistics center in Seoul on Dec. 30. [NEWS1]

On Tuesday, Minister of Science and ICT Bae Kyung-hoon reaffirmed that more than 33 million data entries had been compromised, disputing the company's own results.

“I cannot agree with that,” Bae said. “More than 33 million names and email addresses were leaked. This was confirmed by the Personal Information Protection Commission, the National Police Agency and the government-private joint investigation team.”

“We believe delivery addresses and order information were also leaked,” said Bae. “Coupang’s decision to announce the findings of an unverified investigation in advance raises serious concern.”

This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.
BY KIM HYOUNG-GU, JEONG JAE-HONG [[email protected]]