Labor Minister Doubts Coupang’s Ability to Remedy Massive Data Breach After Vouchers Draw Criticism
Updated (9 articles)
Scale of breach exposed personal data of over 33 million users The leak revealed names, phone numbers, email and delivery addresses of roughly 33.7 million customers, about two‑thirds of South Korea’s population, a figure confirmed by multiple hearings and police reports[1][4]. Lawmakers described the exposure as “massive” and launched a police investigation that remains active[4]. The breach’s breadth has intensified public scrutiny of the e‑commerce giant’s data‑security practices[2].
Compensation plan offers 50,000‑won vouchers with split‑use restriction Coupang announced a 50,000‑won voucher per affected user, of which only 5,000 won can be spent on its main platform while the remaining 45,000 won must be used on affiliated sites, including a luxury‑goods marketplace[1][2]. The package totals about 1.685 trillion won (≈US$1.17 billion) and is presented as a “major step” toward restitution[3]. Interim CEO Harold Rogers insisted the vouchers carry no waiver of civil or criminal claims[3].
Government officials press for meaningful, non‑promotional remediation Labor Minister Kim Young‑hoon publicly questioned whether Coupang can be “fixed” without a clear root‑cause diagnosis, linking the breach to a pattern of alleged cover‑ups[1]. The Personal Information Protection Commission’s Song Kyung‑hee urged the company to provide compensation that victims deem remedial, placing the burden of proof on Coupang[2]. Regulators also highlighted gaps in the legal framework for monetary damages, calling for clearer statutes[2].
Forensic findings and government dispute over breach scope persist Coupang’s internal forensic review identified a former employee, recovered the offending equipment, and claimed that data from only about 3,000 accounts was saved and later deleted[3]. Science Minister Bae Kyung‑hoon rejected this self‑assessment, reaffirming that more than 33 million customers were affected and accusing the company of downplaying the damage[3]. Both sides await results of a joint public‑private investigation that has yet to release conclusions[3][4].
Sources (4 articles)
-
[1]
Yonhap: Labor minister rebukes Coupang over data‑leak response: Highlights minister Kim’s skepticism, the 33.7 million‑user breach, and criticism of the voucher structure.
-
[2]
Yonhap: Regulator urges meaningful compensation for Coupang data‑leak victims: Details the Personal Information Protection Commission’s demand for substantive remedies and legal ambiguities.
-
[3]
Yonhap: Coupang says data breach compensation plan not tied to lawsuit waiver condition: Reports CEO Rogers’ claim that vouchers lack waiver conditions, valuation of the plan, and the disputed forensic findings.
-
[4]
Yonhap: Coupang executives grilled by lawmakers over data leak and compensation plan: Describes the two‑day parliamentary hearing, founder Kim Bom‑suk’s absence, and ongoing police probe.
Timeline
Nov 29, 2025 – A massive data breach exposes personal information (names, phone numbers, email and delivery addresses) of 33.7 million customers – about two‑thirds of South Korea’s population – marking the largest privacy incident the country has faced in years. The leak triggers a police investigation and sets off a chain of corporate and governmental responses. [3][8]
Dec 29, 2025 – Founder Kim Bom‑suk delivers his first public apology, saying “We deeply regret the breach and will do everything to restore trust,” and unveils a 1.68‑1.69 trillion‑won compensation package that gives every affected user 50,000 won in vouchers. The vouchers are split across Coupang’s e‑commerce platform (5,000 won), Eats (5,000 won), travel services (20,000 won) and the R.LUX luxury line (20,000 won), with payouts slated to begin on Jan 15, 2026. [7][8][9][1]
Dec 30, 2025 – The National Assembly conducts a two‑day grilling of Coupang executives; interim CEO Harold Rogers faces sustained questioning while founder Kim Bom‑suk skips the hearing, prompting lawmakers to call his absence “insolent.” Lawmakers denounce the voucher scheme as a “promotional gimmick” that steers most of the value to platforms outside Coupang’s core site. [5][5]
Dec 31, 2025 – At a parliamentary hearing, regulator Song Kyung‑hee of the Personal Information Protection Commission tells Coupang, “The burden of proof lies with you; you must offer compensation that victims feel truly remedied,” stressing that vouchers may not satisfy victims. Interim CEO Harold Rogers asserts that the vouchers “carry no waiver of civil or criminal action,” aiming to prevent the plan from limiting future lawsuits. Science Minister Bae Kyung‑hoon reiterates that more than 33 million customers are affected and criticizes Coupang’s unilateral assessment of the breach. [4][3][3]
Jan 5, 2026 – Labor Minister Kim Young‑hoon rebukes Coupang, stating “I doubt whether the company can be fixed,” and questions the adequacy of the voucher‑based compensation, noting that only 5,000 won applies to Coupang’s main site while 45,000 won must be spent on other platforms. He links the breach to a broader pattern of alleged cover‑ups and past industrial accidents, urging a thorough root‑cause diagnosis before any corrective steps. [2][2]
All related articles (9 articles)
-
Yonhap: Labor minister rebukes Coupang over data-leak response
-
Yonhap: Regulator urges meaningful compensation for Coupang data-leak victims
-
Yonhap: Coupang says data breach compensation plan not tied to lawsuit waiver condition
-
Yonhap: Coupang executives grilled by lawmakers over data leak and compensation plan
-
Yonhap: Coupang unveils 1.68 trillion-won compensation plan after data breach
-
Yonhap: Coupang unveils 1.68 trillion-won compensation plan after data breach
-
The Hindu: Coupang to compensate 1.69 trillion won for data leak affecting 33.7 million accounts
-
Yonhap: Coupang unveils 50,000-won per-customer compensation plan after massive data breach
-
Yonhap: Coupang unveils nearly 1.69 trillion-won compensation plan after data breach