Coupang Announces $1.17 Billion Compensation Plan After Data Breach
E-commerce giant Coupang, often referred to as the “Amazon of South Korea,” has revealed a compensation strategy totaling 1.69 trillion Korean won (approximately $1.17 billion) aimed at the 34 million customers who were affected by a significant data breach disclosed in November.
According to a report from CNBC, the company’s interim CEO Harold Rogers characterized the initiative as a “responsible step” towards customers, emphasizing their commitment to resolve the issue.
The breach, initially uncovered on November 18 when a customer reported unusual activities, was first downplayed by Coupang, which stated it only impacted around 4,500 accounts. However, subsequent investigations clarified that the issue was much more extensive.
It has been suggested that a Chinese national, previously employed as a software developer for Coupang’s authentication system, was behind the breach. This individual retained access to internal authentication keys after leaving the company nearly a year ago. This access enabled the suspect to gather personal details of Coupang users—names, phone numbers, and even key codes—while going unnoticed due to the use of overseas servers. It appears this intrusion lasted for several months, beginning on June 24.
Coupang confirmed that the compensation will be disbursed as purchase vouchers valued at 50,000 won, usable across various services offered by the company. Importantly, these vouchers will also be available to former customers who closed their accounts in the aftermath of the breach. Customers will be able to verify their eligibility beginning January 15.
This announcement followed a string of apologies from Coupang’s leadership. The company’s founder, Kim Bum, expressed his distress over the situation, admitting that an apology was “overdue.” He initially believed it best to wait until all facts were clarified before issuing a public statement, a decision he later regretted.
The security protocols of Coupang have faced increasing scrutiny after the incident, which also led to the resignation of CEO Park Dae-joon earlier this month. However, Kim Bum assured that the firm had retrieved all compromised user data with assistance from governmental agencies and had seized the suspect’s storage device. He noted that only about 3,000 records were stored on the device and that this information had not been shared or sold to any external parties.
Previous reports suggested that the data breach and the government’s response had a bearing on U.S.-South Korea trade relations.
Following the incident, the U.S. Trade Representative (USTR) abruptly canceled a scheduled trade meeting with South Korean officials, which could stall advancements on a trade agreement between the two nations. Soon after, the USTR publicly cautioned against countries, including South Korea, for allegedly targeting American companies abroad, with congressional leaders also stepping in to hold hearings and issue warnings to South Korea.
