South Korea’s largest online retailer, Coupang, is facing fallout after revealing that a former employee accessed data from 33.7 million user accounts.
The breach, discovered in late 2025, has led to government raids, executive turnover, investor lawsuits, and intensified political scrutiny.
To address the backlash, Coupang announced a 1.69 trillion won ($1.17 billion) compensation plan in the form of platform-only vouchers for affected users, including those who left the platform following the breach.
A former employee has admitted to carrying out the breach.
Investigators recovered a smashed MacBook Air from a riverbed, packed in a canvas bag with bricks in an attempt to destroy evidence. A dive team retrieved the device, and digital forensics teams examined it alongside other recovered hardware.
Coupang says only 3,000 records were retained and later deleted, and claims there is no evidence the data was sold or distributed. However, the company remains under investigation, and lawmakers have questioned whether the compensation plan benefits users or simply recirculates funds within Coupang’s ecosystem.
Why It Matters: The incident has highlighted failures in access control and internal oversight. Coupang’s slow response and limited transparency have compounded public distrust and drawn attention from regulators and investors worldwide.
- Voucher Compensation Reaches 34 Million Users: Coupang plans to distribute 1.69 trillion won ($1.17 billion) in compensation through 50,000-won vouchers to approximately 34 million affected users. This includes former customers who deleted their accounts after the breach. Eligibility checks open on January 15, 2026. However, the vouchers are only valid within Coupang’s own services.
- Forensic Recovery Reveals Attempted Cover-Up: Authorities recovered a damaged MacBook Air that the former employee had attempted to destroy by placing it in a canvas bag with bricks and throwing it into a river. A dive team located the device, which was then examined by forensic teams from Mandiant, Palo Alto Networks, and Ernst & Young. Coupang stated that the investigation confirmed approximately 3,000 user records had been retained, all of which were later deleted. The employee has confessed and provided details about how access was obtained and used.
- CEO Resignation and Public Apologies Follow Delay: Park Dae-jun, who led Coupang’s South Korean e-commerce operations, resigned in mid-December amid growing pressure over the breach. Interim CEO Harold Rogers, formerly with the company’s U.S. parent, described the voucher plan as a “responsible measure” and reaffirmed Coupang’s commitment to customer trust. Founder Kim Bom also issued a formal apology, acknowledging that his decision to delay public communication until facts were confirmed was a mistake and had further damaged public confidence.
- Investor Lawsuit Filed in the U.S. Over Delayed Disclosure: A securities class action was filed in the U.S. District Court for the Northern District of California, alleging that Coupang failed to inform investors of the breach in a timely manner and misrepresented the strength of its cybersecurity protections. The complaint covers investor activity between August 6 and December 16, 2025. Following public disclosure of the incident, Coupang’s stock price dropped sharply, erasing more than $8 billion in market value.
- Mounting Political and Regulatory Pressure: Coupang is now under formal investigation by South Korean privacy regulators and has been publicly criticized by members of the National Assembly. Lawmakers have raised concerns over whether the company followed legal protocols for breach notification and internal oversight.
Coupang recovers smashed laptop that alleged data leaker threw into river – The Record
Trusted insights for technology leaders
Our readers are CIOs, CTOs, and senior IT executives who rely on The National CIO Review for smart, curated takes on the trends shaping the enterprise, from GenAI to cybersecurity and beyond.
Subscribe to our 4x a week newsletter to keep up with the insights that matter.
