Almost a month after the data breach involving around 34 million users was revealed, Coupang announced that all personal data originally exposed in the incident has been recovered. The company, one of the main South Korean references in electronic commerce, has been affected by this unauthorized access since June 24. As The Korea Herald reported, South Korean citizens were massively affected by the disclosure of data such as names, phone numbers, email addresses and shipping addresses, although payment information and login details remained securely stored.
Coupang Inc. Chairman and Founder Kim Bom Suk publicly apologized for the period of poor communication and transparency at the start of the crisis. According to South Korean media, Kim expressed regret over the lack of clarity and prompt response when the incident came to light in a statement released by the company. The manager admitted that the continued silence caused a feeling of frustration and disappointment among those concerned and explained that the decision to postpone an official statement was based on the intention to provide verified information, although over time he realized that this approach turned out to be wrong.
“As founder and chairman, I sincerely apologize on behalf of all Coupang employees,” Kim Bom Suk said in the statement obtained by the Korea Herald. In his speech, he emphasized that from the beginning the company had cooperated fully with the South Korean government authorities responsible for investigating the incidents. As detailed in the newspaper, the company deployed all possible resources and specialist personnel to contain the fallout and minimize possible secondary impacts on users.
Kim’s statement came after Coupang CEO Park Dae Joon resigned from his position earlier this month. The position was temporarily transferred to the responsibility of Harold Rogers, who by then was serving as administrative director and general counsel. All of this came as part of an investigation and measures to control unlawful access to the vast amounts of data that make up almost two-thirds of South Korea’s population.
Among the causes identified in the leak, according to The Korea Herald, is that the attackers managed to access through foreign servers, making it difficult to identify and immediately contain the incident. Coupang’s security teams discovered the anomaly on November 18, although it was later discovered that the unauthorized access had begun almost five months earlier, on June 24.
Given the fallout, the incident became the largest digital security scandal South Korea has experienced to date. According to The Korea Herald, all data disclosed was personal information, with no banking details or login details. This fact did not diminish the public and media impact of the incident, which raised concerns about the security of technological platforms and transparency in crisis management.
Kim Bom Suk assured in his message that Coupang will continue to push forward the implementation of a cybersecurity system that meets the highest standards. He explained that the company will turn this experience into an opportunity to thoroughly reform its protection protocols and increase customer trust. The manager insisted that the organization will “rebuild trust from the ground up” by investing in solutions and continually improving processes to protect information and create a secure experience for users.
The Korea Herald also reported Coupang president’s words on the company’s next steps: “We will ensure that necessary investments and improvements are not delayed. We will use this failure as a lesson and step forward to build a world-class cybersecurity system.” In this sense, Kim Bom Suk reiterated the organization’s commitment to deep reforms and constant self-criticism in response to the incident.
Analyzing the facts, the public revelation fueled calls for greater regulation and oversight of data protection in South Korea’s tech sector. The incident reinforced the debate in this country about corporate responsibility regarding digital privacy, as described by the Korea Herald, and drew attention to internal reporting and management procedures for cyber emergencies. Despite the quick recovery of the leaked data, the breach left millions of users in the dark about the fate and use of their personal data for several weeks.
The Korea Herald’s reporting described the gravity of the case as having been exacerbated by the delay in public response and institutional communication, which raised doubts amid growing global concerns about the vulnerability of data managed by major digital platforms. Although credit cards or payment systems were reportedly not affected, the scale of the attack demonstrated the magnitude of the risks associated with the centralized management of personal data on a large scale.
About The Author
