Home > Business > Industry

Coupang disputes details of joint findings in data leak investigation

Published: 10 Feb. 2026, 21:44

A Coupang truck is seen at a logistics center in Seoul on Feb. 10, 2026. [YONHAP]

Coupang, the U.S.-based parent company of the Korean affiliate, on Tuesday publicly disputed the findings of a joint public-private investigation into data leak in Korea, claiming that some factual details were omitted.

“Coupang hopes that all facts will be clearly revealed. The Korean people have a right to know the truth,” the company said on Tuesday after a government report was disclosed earlier in the day.

The report stated that the attacker had accessed shared apartment entrance access codes more than 50,000 times. Coupang countered that the report omitted the verification results showing that these queries were actually limited to accessing just 2,609 accounts. The company argued that the distinction between the number of "views" and the number of leaked accounts was not explained. The government, however, maintains that unauthorized "viewing" of web pages by the attacker also constitutes a data leak and carries the same legal responsibility.

Coupang also stressed that its internal finding — that the attacker stored the data of approximately 3,000 accounts — was accurate. The investigation team and regulatory authorities, including the Personal Information Protection Commission, are in possession of all devices recovered from the former employee and all forensic evidence consistently aligns with the former employee’s sworn confession that about 3,000 user accounts’ data were stored and later deleted, according to Coupang.

"The investigation team and the commission also have forensic analysis results confirming that no Korean users’ personal data remained stored on the recovered devices," said Coupang.

Coupang further emphasized that “no evidence of any secondary damage caused by the Coupang personal data breach has been identified,” saying the former employee did not access highly sensitive customer information such as payment or financial data, user IDs and passwords or government-issued identification.

The government investigation team also confirmed that no secondary damage resulting from the breach has been confirmed so far. However, it said the leaked information included not only names, email addresses, phone numbers, addresses, some order information and 2,609 shared apartment entrance access codes that Coupang initially disclosed, but also information such as acquaintances’ addresses.

Observers say Coupang released the statement as a move made in consideration of potential litigation in the United States as well as in preparation for the appearance of Harold Rogers, head of Coupang’s Korea unit, before the U.S. House Judiciary Committee on Feb. 23.

This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.
BY LIM SUN-YOUNG [[email protected]]