Scale of Breach Confirmed by Joint Investigation Science Minister Bae Kyung‑hoon told lawmakers that a joint probe between the Personal Information Protection Commission and police uncovered names and email addresses of more than 33 million Coupang users, and that addresses and order details were also likely exposed [1][2]. The investigation traced the leak to a former employee who accessed Coupang’s servers and may have uploaded data to a cloud location rather than storing it locally [1]. Government officials emphasized the breach’s magnitude far exceeds the company’s earlier estimate of a few thousand accounts [2].

Coupang’s Initial Damage Estimate Rejected Coupang previously asserted that only about 3,000 accounts were compromised and that the suspect had deleted the data after download [1][2]. Minister Bae publicly rejected this figure, stating the government cannot accept the company’s limited assessment and that the leak likely includes additional personal information [2]. The discrepancy sparked tension, with the minister criticizing Coupang for issuing an uncoordinated public announcement that appeared to downplay the incident [1][2].

Compensation Plan and Corporate Response Scrutinized After founder Kim Bom‑suk apologized, Coupang announced a voluntary compensation scheme offering 50,000 won per affected user, totaling roughly 1.685 trillion won, a figure consumer‑rights groups deem insufficient and marketing‑driven [1]. Interim CEO Harold Rogers defended the plan as unprecedented and voluntary during a parliamentary hearing, while noting the board’s serious involvement [1]. Lawmakers questioned the adequacy of the payout and the company’s overall handling of the breach.