Police Estimate Coupang Breach Affects Over 30 Million Users, CEO Ignores Summons
Updated (9 articles)
Police Estimate Breach Involves More Than 30 Million Accounts Police head Park Jeong‑bo told reporters that data from over 30 million Coupang accounts appears stolen, a figure far larger than the company’s own estimate; the estimate remains preliminary as authorities will verify the true scope [1]. The Seoul Metropolitan Police Agency leads the investigation, emphasizing the seriousness of the data‑security incident [1]. Police plan to examine whether Coupang deliberately downplayed the breach in public statements [1].
Coupang’s Internal Report Claims Only 3 000 Records Saved Coupang announced on Dec. 25 that a former Chinese employee accessed personal information of 33 million users but retained data for just 3 000 individuals [1]. Police now question this number, highlighting a stark discrepancy with their own 30 million‑plus estimate [1]. The probe will assess if the company intentionally minimized the incident’s magnitude, which could affect penalties [1].
Interim CEO Harold Rogers Misses Multiple Police Summonses Rogers was ordered to appear before police on Jan. 5 and Jan. 14 but failed to attend either meeting [1]. A third summons has been issued, and police may seek an arrest warrant after three ignored appearances [1]. Continued non‑appearance intensifies legal scrutiny and could lead to further action [1].
Timeline
Dec 8, 2025 – A Seoul court approves an arrest warrant for a Chinese national suspected of stealing data from Coupang, giving prosecutors the legal basis to request Chinese and Interpol assistance in his capture[6].
Dec 25, 2025 – Coupang releases its internal probe, stating a former Chinese employee exfiltrates personal information from 33 million users but “saved data for just 3,000 individuals,” a figure the police later question as a possible understatement[1].
Dec 31, 2025 – The National Assembly’s Science, ICT, Broadcasting and Communications Committee files a complaint against seven Coupang officials, including interim CEO Harold Rogers, accusing them of violating the act on testimony and appraisal before parliament[4].
Dec 31, 2025 – Rogers attends a two‑day parliamentary hearing on the breach and then departs South Korea, citing a pre‑scheduled business trip while promising to cooperate with investigators[2].
Jan 2, 2026 – The Seoul Metropolitan Police Agency launches an 86‑member special task force, led by an inspector‑general‑level officer, to pursue all Coupang‑related allegations, from the data leak to a suspected industrial‑disaster cover‑up[9].
Jan 5, 2026 – The task force announces it is examining 20 Coupang‑related cases, including three worker‑death investigations, five alleged blacklisting incidents, and internal whistleblower data, signaling a broadening of the probe beyond the breach itself[8].
Jan 6, 2026 – The Ministry of Employment and Labor publicly vows “stern action” against Coupang after allegations of illegal worker dispatch, forced layoff programs, and pressure on a deceased worker’s family, linking labor‑law enforcement to the cybersecurity scandal[7].
Jan 7, 2026 – Prosecutors formally request China and Interpol’s help to locate the former employee, while Justice Minister Jung Sung‑ho tells lawmakers that “Beijing has not replied to the extradition request,” highlighting diplomatic hurdles in the case[6].
Jan 8, 2026 – Police summon interim CEO Harold Rogers for questioning; the special task force coordinates his appearance and expands the investigation to alleged industrial‑accident cover‑up and deletion of website access logs, underscoring possible evidence‑tampering[4].
Jan 12, 2026 – Rogers misses his first police summons; a second summons follows, and authorities consider an exit ban while pledging to verify the accuracy of his National Assembly testimony[3].
Jan 13, 2026 – Rogers leaves Korea permanently, staying abroad as police inform the Ministry of Justice; officials contemplate imposing an overseas travel ban upon his return, reflecting escalating legal pressure[2].
Jan 26, 2026 – Police estimate the breach affects “more than 30 million Coupang accounts,” starkly contrasting the company’s claim of a limited impact; Rogers has now missed two summons (Jan 5 and Jan 14) and police warn they may seek an arrest warrant after a third missed appearance[1].
All related articles (9 articles)
-
Yonhap: Police say over 30 million Coupang accounts may have been breached
-
Yonhap: Coupang interim CEO leaves Korea as police summon over 33 million-user data leak
-
Yonhap: Coupang interim CEO misses first police summons in data-leak probe
-
Yonhap: Police summon Coupang interim CEO Harold Rogers as probe widens over data leak and other allegations
-
Yonhap: Police summon Coupang interim CEO Harold Rogers amid widening probe into data leak and alleged cover-up
-
Yonhap: Seoul asks China and Interpol to help find former Coupang employee tied to massive data leak
-
Yonhap: South Korea's labor ministry opens probe, vows stern action against Coupang over alleged workplace-law violations
-
Yonhap: Police investigate 20 Coupang-related cases
-
Yonhap: Police form task force to probe Coupang-related suspicions