Coupang Inc. Faces Intensified Scrutiny Over Massive Data Breach
Coupang Inc., the U.S.-listed e‑commerce and logistics company, is confronting a series of regulatory and political challenges following a large‑scale data breach that reportedly affected more than 33 million South Korean customers. The incident has prompted parliamentary hearings, investigations by the National Intelligence Service (NIS), and criticism of the company’s compensation strategy.
Parliamentary Hearings and Executive Accountability
A two‑day parliamentary hearing began on 30 December 2025, during which lawmakers questioned Coupang executives about the breach and the company’s compensation plan. The session, overseen by the Science, ICT, Broadcasting and Telecommunications Committee, was marked by:
- Executive absence: Several senior officials failed to attend the hearing, leading the National Assembly to issue a formal censure.
- Lawmakers’ concerns: The hearing focused on the adequacy of the company’s compensation, which the interim CEO Harold Rogers described as “unprecedented.”
- Public scrutiny: Media reports highlighted that the data leak impacted nearly two‑thirds of Korea’s population, a figure that contrasts sharply with Coupang’s initial claim of only 3 000 affected accounts.
The hearings underscored the expectation that corporate leaders must be present to address public and legislative inquiries, especially when consumer data security is at stake.
National Intelligence Service (NIS) Response
The NIS publicly denied claims that the company’s internal investigation was directed by the intelligence agency. According to a statement issued on 30 December 2025, the agency had not provided instructions or orders for the probe. This response follows a separate report from the Korean government asserting that the breach involved more than 33 million accounts, a number that far exceeds Coupang’s earlier estimate.
The NIS’s clarification comes amid broader concerns over the adequacy of internal investigations and the role of national security agencies in corporate data incidents.
Regulatory Filings and Legal Implications
On the same day, Coupang filed the results of its internal probe with the U.S. Securities and Exchange Commission (SEC). The filing was met with protests from Korean officials, who expressed dissatisfaction with the company’s disclosure and the perceived insufficiency of the information provided to the Korean regulatory authorities.
The U.S. filing is part of the company’s effort to comply with SEC requirements for companies listed on the New York Stock Exchange, yet it has not mitigated domestic criticism. The company’s market cap of approximately $44.7 billion and a price‑earnings ratio of 117.95 reflect the significant investor scrutiny it now faces.
Lobbying Efforts and Legislative Pushback
A lawmaker from the ruling party, Rep. Kim Nam‑geu, publicly stated that Coupang’s U.S. lobby should not be able to shield the company from Korean sanctions. He urged strict enforcement of penalties for the data breach and warned against the company’s attempts to influence U.S. politicians to avoid accountability.
This position signals a growing legislative insistence on holding multinational corporations responsible for breaches that have domestic implications, regardless of their foreign listing status.
Compensation and Investor‑First Approach Criticism
Coupang has pledged a compensation package totaling roughly 1.7 trillion won (≈ $1.4 billion) for affected users. The interim CEO has defended this amount as “unprecedented,” emphasizing the company’s commitment to customers. However, critics argue that the compensation strategy prioritises investors over users, pointing to the company’s focus on restoring stock price stability rather than fully addressing consumer harm.
The criticism aligns with broader concerns that the company has followed a “U.S. playbook” in handling the aftermath, prioritising shareholder interests over broader consumer protections.
Market Impact
The close price of Coupang’s shares on 28 December 2025 was $24.46, well below the 52‑week high of $34.075 and near the 52‑week low of $19.02. The volatility reflects investor uncertainty surrounding the company’s governance, legal exposure, and the potential impact of regulatory penalties.
Summary
Coupang Inc. is under intense scrutiny following a data breach that affected more than 33 million South Korean users. Parliamentary hearings, NIS statements, SEC filings, and legislative pressure highlight the company’s challenges in addressing consumer harm, regulatory compliance, and investor expectations. The situation underscores the need for transparent governance and robust data protection practices in multinational e‑commerce firms.
