Top Headlines

Feeds

Civic Group Demands Transparency as Korea‑U.S. Tensions Surface Over Coupang Data Leak

Updated (52 articles)

Data Leak Exposes Over 33 Million Coupang Users The personal information of roughly 33.7 million customers—including names, phone numbers and delivery addresses—was accessed in a breach that occurred last year, according to Coupang’s own disclosure [1]. The company’s internal investigation claimed a former employee stole the data but managed to delete records for only about 3,000 accounts [2]. Both articles note that the scale of the breach has prompted formal investigations by Korean authorities [2][1].

Regulator Demands Removal of Unverified Probe Results South Korea’s Personal Information Protection Commission ordered Coupang to take down its independent probe findings, labeling them “unverified” and warning they could mislead the public [2]. The commission warned that failure to submit required documents could be treated as obstruction and urged the firm to add a user‑facing breach‑lookup feature to its app and website [2]. This demand underscores the regulator’s push for an official, transparent investigation [2].

Civic Group Calls for Transparency and Compensation The Korean American Public Action Committee, representing Korean‑American interests, urged Coupang to fully disclose the breach’s scope and provide substantive compensation to affected users [1]. The group warned against using political lobbying or congressional hearings to conceal facts, emphasizing that mishandling could damage Seoul‑Washington relations [1]. Their statement reflects growing civil‑society pressure for corporate accountability in the wake of the leak [1].

Diplomatic Tensions Rise as US Lawmakers Criticize Korean Probe During a U.S. congressional hearing, a House member accused Korean regulators of targeting Coupang unfairly, suggesting the investigation could have discriminatory overtones [1]. South Korea’s Trade Minister Yeo Han‑koo traveled to Washington to discuss the issue with U.S. Trade Representative Jamieson Greer, asserting that the probe follows fair and transparent legal principles [1]. Both sides expressed a desire to prevent the dispute from escalating into a broader trade or diplomatic conflict [1].

Sources

Timeline

June 24, 2025 – Unauthorized access to delivery‑related personal data begins on overseas servers, allowing a suspect to retrieve basic identifiers from roughly 33 million Coupang accounts, a breach later confirmed by police and the company [29][30][27][26].

Nov 18, 2025 – Coupang discovers the breach, reports an initial 4,500 affected customers to authorities within two days, and later realizes the intrusion has exposed data of 33.7 million users [29][30][27][26].

Nov 29, 2025 – The company publicly announces that 33.7 million customers’ names, phone numbers, emails and delivery addresses were compromised, while payment information remains intact [29].

Nov 30, 2025 – CEO Park Dae‑jun issues a public apology and pledges stronger data protection; Science Minister Bae Kyung‑hoon convenes an emergency ministerial meeting to launch a joint government‑private investigation into the breach [28][27][26][1].

Dec 1, 2025 – Coupang formally discloses the 33.7 million‑record breach, triggering comparisons to SK Telecom’s April 2025 leak of 23.2 million users and prompting consumer groups to demand transparent compensation [24][25].

Dec 2, 2025 – President Lee Jae Myung calls for a rapid investigation and harsher penalties, urging ministries to adopt a punitive‑damages system for future data‑leak incidents [23][22].

Dec 4, 2025 – The Korea Media Communications Commission launches a fact‑finding probe into Coupang’s account‑deletion process, citing potential violations of the Telecommunications Business Act amid the ongoing breach fallout [21].

Dec 7‑8, 2025 – A U.S. class‑action lawsuit is filed against Coupang’s Seattle headquarters, with the plaintiff planning parallel litigation in South Korea, citing the same 33.7 million‑user breach [20].

Dec 8, 2025 – The presidential office’s chief of staff urges swift preventive measures, warning that the leaked data could fuel scams and questioning the fairness of immunity clauses in Coupang’s customer terms [19].

Dec 9‑10, 2025 – Seoul Metropolitan Police conduct a second‑day raid on Coupang’s Songpa headquarters, seizing evidence and targeting a Chinese‑national suspect identified in the breach [18].

Dec 25, 2025 – Coupang releases an internal probe stating that only about 3,000 customers’ data were saved and subsequently deleted, asserting no external leak and emphasizing that the suspect used stolen security keys to access 33 million accounts [14][15][16].

Dec 26, 2025 – Police intensify forensic analysis of the suspect’s laptop, verifying its provenance and examining whether data tampering occurred during its voluntary surrender [13].

Dec 28, 2025 – Founder and chairman Kim Bom‑suk issues a written apology for the breach affecting roughly 34 million South Koreans, admits the apology was delayed, and confirms forensic evidence and a confession linking a former employee to the leak [10][11][12].

Dec 30, 2025 – Science Minister Bae Kyung‑hoon reaffirms that over 33 million users were affected, labels Coupang’s unilateral announcement as “malicious,” and outlines a 1.69 trillion‑won compensation package of 50,000 won vouchers per user [8][9].

Dec 31, 2025 – The government vows to pursue all legal measures, criticizes Coupang’s “lukewarm” response, and the Fair Trade Commission’s chairman signals that suspension of Coupang’s operations remains a possible penalty [6][7].

Jan 7, 2026 – Seoul prosecutors request cooperation from Chinese authorities and Interpol to arrest a former Chinese employee suspected of the leak; a court‑approved arrest warrant dated Dec 8 underpins the extradition request [5].

Jan 12, 2026 – FTC Chair Ju Byung‑gi warns that a temporary suspension of Coupang’s business may be ordered if consumer relief proves insufficient, and announces an imminent ruling on allegations that the firm shifted low‑price losses onto suppliers [4].

Jan 14, 2026 – The Personal Information Protection Commission orders Coupang to remove its unverified independent probe results, warning that the material could confuse the public ahead of the official investigation [3].

Jan 19, 2026 – The Korean American Public Action Committee urges Coupang to fully disclose the leak’s scope and provide fair compensation, warning that mishandling could strain Korea‑U.S. relations; Trade Minister Yeo Han‑koo meets U.S. Trade Representative Jamieson Greer in Washington to reassure that the probe proceeds transparently [2].

2026 (planned) – South Korea’s Nuclear Safety and Security Commission approves operation of the Saeul‑3 APR1400 reactor, with commercial launch slated for the following year, reflecting broader governmental focus on high‑tech infrastructure amid the data‑security crisis [9].

2026 (expected) – The FTC is set to announce its decision on the supplier‑loss investigation, which could further impact Coupang’s business practices and regulatory standing [4].

Dive deeper (32 sub-stories)

All related articles (52 articles)