South Korean e-commerce giant Coupang — often called the “Amazon of Korea” — suffered a massive data breach affecting 33.7 million user records. The breach has triggered police investigations, government probes, and multiple lawsuits from U.S. investors. Coupang’s interim CEO was questioned for 12 hours by police over allegations that the company may have destroyed evidence related to the breach.
Learn how to protect your data after a breach on OpenClassActions.com.
What Happened
In 2025, Coupang disclosed a data breach stemming from poor key management practices that exposed the records of 33.7 million users. The breach included personal information, purchase history, and account data. South Korean authorities determined that Coupang’s security systems had fundamental vulnerabilities that allowed the breach to occur.
The fallout has been severe. South Korean regulators fined Coupang and demanded security improvements. Police are investigating whether the company conducted an unauthorized internal investigation and destroyed evidence before notifying authorities. Coupang’s CEO resigned, and the interim CEO faced extended police questioning.
U.S. investors — including firms Greenoaks and Altimeter — have filed legal challenges against the South Korean government, alleging discriminatory treatment of foreign-invested companies in the investigation. The case has become a flashpoint in U.S.-South Korea business relations.
Who Is Affected
The breach primarily affects Coupang users in South Korea, where the platform dominates online retail. However, Coupang also operates in other markets, and the company is publicly traded on the New York Stock Exchange (NYSE: CPNG). U.S. shareholders have been affected through the stock price decline that followed the breach disclosure.
What You Should Do
If you have a Coupang account, change your password and enable two-factor authentication. Monitor your account for unauthorized orders or changes. If you are a Coupang shareholder, follow the investor lawsuits for potential recovery opportunities. The case is a stark reminder that data security failures can have far-reaching consequences for users, employees, executives, and investors alike.
This article is for informational purposes only and does not constitute legal advice. Written by Steve Levine for OpenClassActions.org.