Coupang Offers $1.18 Billion in Vouchers After Data Breach

Key Takeaways

• $1.18 Billion Compensation Announced: Coupang plans to distribute $1.18 billion (SKW 1.69 trillion) in vouchers to 33.7 million users, offering $35 (SKW 50,000) per affected account following one of South Korea’s largest data breaches.
• Compensation Plan Draws Fresh Criticism: Lawmakers and consumer groups argue that vouchers usable only on Coupang platforms function more as a marketing tool than meaningful restitution for compromised personal data.
• Leadership Fallout Continues: The compensation announcement follows the resignation of CEO Park Dae-jun and the appointment of Harold Rogers as interim CEO, underscoring the governance impact of the breach.
• Regulatory and Parliamentary Pressure Intensifies: South Korea’s telecoms regulator is probing whether Coupang unlawfully restricted users’ ability to delete accounts after the breach, while parliament prepares hearings focused on accountability and consumer rights.
• Founder’s Absence Fuels Backlash: Founder Kim Bom has again declined to attend parliamentary hearings, amplifying criticism as scrutiny widens beyond cybersecurity into governance, compliance, and consumer protection failures.

Deep Dive

South Korean e-commerce giant Coupang has unveiled a $1.18 billion (SKW 1.69 trillion) compensation plan, according to Reuters, for users affected by its massive data breach, a move that has reignited criticism from lawmakers and consumer groups already scrutinizing the company’s leadership and compliance failures.

Coupang said it will issue $35 in company vouchers (SKW 50,000) to each of the 33.7 million affected account holders, marking its first concrete restitution measure since the breach was disclosed last month. The announcement followed a public apology from founder Kim Bom, who pledged to accelerate compensation efforts after weeks of public and political pressure.

The plan, however, lands amid an intensifying crisis for Coupang, which has already seen a leadership shake-up, a police investigation, and a regulatory probe into its consumer practices.

As previously reported, the breach prompted the resignation of Chief Executive Park Dae-jun, with Coupang appointing its Chief Administrative Officer and General Counsel, Harold Rogers, as interim CEO. The leadership change came as authorities confirmed that unauthorized access to Coupang’s systems went undetected for months, exposing personal information of more than 30 million users. Coupang has said payment details and login credentials were not compromised.

At the same time, South Korea’s media and telecoms regulator has opened a formal investigation into whether Coupang unlawfully made it difficult for users to delete their accounts following the breach. The probe is examining whether the company’s multi-step, cross-platform account deletion process violates telecoms law by restricting consumers’ right to terminate services, particularly as deletion requests surged after the incident.

Against that backdrop, Coupang’s decision to offer compensation exclusively in the form of vouchers usable only on its own platforms has drawn sharp criticism.

Choi Min-hee, a lawmaker from the ruling Democratic Party and chair of the National Assembly’s Science, ICT, Broadcasting and Communication Committee, criticized the plan in a Facebook post, saying Coupang was “bundling coupons for services no one uses.” She accused the company of attempting to turn a data breach affecting more than half the country into a commercial opportunity rather than offering meaningful restitution.

Consumer groups echoed those concerns. The Korea National Council of Consumer Organizations said the compensation plan trivialized the severity of the breach, describing the vouchers as a marketing tool designed to drive additional spending rather than a genuine acknowledgment of harm.

Kim has also declined to attend parliamentary hearings scheduled for Tuesday and Wednesday, citing prior commitments—a decision that has further inflamed criticism from lawmakers already frustrated by his earlier absences. South Korea’s parliament is expected to hold two days of hearings focused on Coupang’s handling of the breach, its compensation approach, and its broader compliance with consumer protection and telecoms laws.

When asked to respond to the growing backlash over the voucher-based compensation plan, Coupang said it had no further comment.

The compensation announcement shows just how far the crisis has spread since the initial cyber intrusion. What began as a security failure has cascaded into a governance reckoning, a regulatory investigation into user rights, and now a contentious debate over restitution. The challenge is no longer limited to fixing systems, it is navigating a sustained test of leadership credibility, regulatory trust, and consumer confidence, with key decisions now unfolding under the glare of parliamentary scrutiny.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.