Coupang Founder Apologises for Data Breach, Promises Swift Compensation

Bom Kim, founder and chairman of South Korean e-commerce giant Coupang, has issued his first public apology following a major customer data breach that surfaced late last year. In a statement released on December 28, Bom Kim expressed “sincere regret” over the incident and acknowledged the anxiety caused to millions of users. He pledged that Coupang would announce a compensation plan for affected customers at the earliest possible time, though he stopped short of providing concrete details.

The apology marks a significant shift in tone for the company, which has faced mounting criticism over its initial handling of the breach. Kim said Coupang takes responsibility for safeguarding customer information and is committed to strengthening internal controls and cybersecurity systems. He added that restoring user trust remains the company’s top priority as it works to rebuild confidence in its platform.

Bom Kim’s statement was delivered in Korean and published through official channels, underscoring the domestic focus of the issue, even as Coupang operates as a U.S.-listed company with global investors.

Scale of the Breach and Regulatory Scrutiny

The data breach involved information linked to roughly 33 million Coupang users, making it one of the largest personal data incidents in South Korea’s corporate sector. Authorities have clarified that while a vast amount of user data was exposed, only a limited number of records were confirmed to have been copied onto a suspect’s personal device. Investigators have stated that there is no evidence so far that the data was sold or distributed externally.

Coupang has said it cooperated fully with law enforcement and government agencies once the breach was identified. The company reported that the compromised data was recovered promptly and that additional safeguards were put in place to prevent recurrence. However, the incident has triggered broader regulatory attention, including audits and reviews by multiple government bodies examining the company’s data governance, compliance practices, and cross-border corporate structure.

The investigation remains ongoing, with officials assessing whether existing data protection laws were violated and whether further penalties or corrective measures are warranted.

Political Pressure and Path Forward

The controversy has also taken on a political dimension. South Korean lawmakers have criticised Bom Kim for not appearing in person at parliamentary hearings convened to question Coupang’s leadership over the breach. Several legislators accused the founder of showing insufficient accountability, arguing that the scale of the incident demanded direct engagement with elected representatives and the public.

In response to the criticism, Bom Kim reiterated that Coupang would focus on customer remediation and long-term reform. He confirmed that a compensation framework for domestic users is under preparation and will be disclosed once finalised. Industry observers expect the scope of compensation to be closely watched, as it may set a benchmark for how large technology platforms in South Korea respond to data security failures.

As Coupang navigates regulatory probes, political scrutiny, and reputational challenges, the company faces a critical test of trust. How quickly and transparently it delivers on compensation and how effectively it strengthens data protection is likely to shape both consumer sentiment and regulatory expectations in the months ahead.

Visit Visionary CIOs for the latest information.