Coupang Inc. Faces Widespread Legal and Regulatory Scrutiny After Massive Data Breach
Scope and Impact
On 3‑4 December 2025, Coupang Inc. confirmed that a data breach exposed the personal information of 33.7 million customer accounts. The incident was traced to a security failure that began in June, with servers located overseas. The breach has prompted a cascade of concerns across multiple sectors:
| Sector | Key Issue |
|---|---|
| Payments | Questions over the shared login system with Coupang Pay, potentially exposing payment data to unauthorized parties. |
| Small‑Business Ecosystem | Small merchants who rely on Coupang for sales have reported increased vulnerability and potential loss of customer trust. |
| Regulatory | Both U.S. and South Korean authorities are examining the adequacy of Coupang’s disclosure and mitigation measures. |
Regulatory Responses
- United States – The Securities and Exchange Commission (SEC) is reportedly reviewing whether Coupang’s disclosure of the breach complied with U.S. reporting obligations. Investor pressure has intensified, and legal teams are assessing potential liabilities.
- South Korea – The Financial Services Commission and the Ministry of Economy and Finance have intensified scrutiny of Coupang Pay’s login architecture. The breach is being treated as a potential “landmark case” for South Korea’s fintech industry, with regulators evaluating whether the incident constitutes a systemic risk to the payments sector.
- Other Jurisdictions – Taiwanese regulators confirmed that accounts linked to Taiwan were unaffected, while Korean lawmakers have demanded a detailed apology and compensation plan from the company.
Company Response
Coupang’s CEO, Park Dae‑jun, announced on 3 December that the company would proactively review compensation for victims and implement a comprehensive review of its data protection protocols. The company has stated it is not anticipating significant customer churn, citing a report from Maeil Business News Korea that customer exodus is unlikely at present.
Market Reaction
The incident has already influenced market sentiment. As of 1 December, Coupang’s stock closed at $26.71, down from a 52‑week high of $34.075 on 17 September. The company’s price‑earnings ratio stands at 129.64, reflecting the high valuation investors still maintain despite the breach. The market cap is $48.68 billion.
Stakeholder Concerns
- Consumers – Public protests outside Coupang’s Seoul headquarters demand an apology and compensation.
- Small Businesses – The fallout is felt acutely among merchants who depend on the platform for sales; industry sources warn of strained relationships.
- Investors – Analysts are re‑evaluating risk exposure, especially regarding potential regulatory fines and litigation costs.
Outlook
Coupang must navigate a complex landscape of legal liability, regulatory reform, and reputational damage. Its ability to strengthen security protocols, provide transparent communication, and address compensation will be critical in determining whether the company can restore investor confidence and maintain its position in the e‑commerce and logistics market.
