Coupang Leadership Shifts After Major Data Breach Unsettles South Korea

Key Takeaways

• CEO Resignation: Park Dae-jun stepped down after Coupang disclosed a breach affecting more than 30 million customers.
• WSJ First to Report: The Wall Street Journal broke the news of the leadership change linked to the incident.
• Scope of Exposure: Unauthorized access from June to November exposed names, email addresses, phone numbers, shipping addresses, and parts of order histories.
• No Financial Data Compromised: Coupang said payment details, credit-card numbers, and login credentials were not affected.
• Broader Pattern in South Korea: The breach adds to several high-profile incidents this year at SK Telecom, Lotte Card, and KT.

Deep Dive

Coupang is facing one of the most consequential cybersecurity crises in South Korea’s recent history, prompting Chief Executive Park Dae-jun to resign as the company works to contain the fallout, the Wall Street Journal first reported.

Coupang confirmed Wednesday that Harold Rogers, its Chief Administrative Officer and General Counsel, has been appointed interim CEO of Coupang Corp. following Park’s departure. The move comes after the personal information of more than 30 million customers was leaked in what local media have described as the worst data-breach case the country has seen.

Park acknowledged the severity of the incident in a statement announcing his resignation, saying, “I deeply apologize for disappointing the public with the recent private data [breach] incident. I feel a deep sense of responsibility…and have decided to resign from all positions.”

Rogers, stepping into the role amid heightened scrutiny, sought to reassure the public and customers. “I know this situation has been unsettling for many,” he said. “Our priorities now are clear: address this incident thoroughly, strengthen our information security to prevent recurrence, and restore trust.”

The breach was first disclosed last month, when Coupang reported that unauthorized access to its digital systems had gone undetected for months, beginning in June and lasting until November. Approximately 33.7 million people had personal data exposed, including names, email addresses, phone numbers, shipping addresses, and certain order histories. The company emphasized that payment details, credit-card numbers, and login credentials were not compromised.

The incident adds to a troubling pattern of major data leaks across South Korea this year. In August, SK Telecom (the country’s largest mobile carrier) was fined after a cyberattack exposed information on an estimated 27 million users. Credit-card provider Lotte Card and telecom giant KT also disclosed breaches earlier in the year, each prompting public apologies and government investigations.

South Korean police have launched an investigation into the Coupang breach, underscoring the national significance of an incident affecting more than half the country’s population.

The Coupang breach is also a good example of how personal and far-reaching cyber risk has become. A single intrusion can shake a company’s leadership, rattle customers, and draw regulators straight to the door, all before the full picture is even known. Incidents like this show that cybersecurity isn’t just a background IT issue but something that can reshape a business overnight.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.