Coupang Chief Executive Resigns as Data Breach Exposes 33 Million Customers

Coupang announced on Dec. 10 that Chief Executive Park Dae Jun had resigned after investigators concluded that a major data breach had compromised the personal information of approximately 33 million customers. The company said the breach is believed to have begun in June and exposed names, email addresses, phone numbers, shipping addresses and some order histories, but did not include payment credentials or account passwords.

Harold Rogers, chief administrative officer of Coupang's U.S. parent, will serve as interim chief executive while the company and South Korean authorities continue to investigate the scope and cause of the intrusion. Coupang issued a public apology and said it would strengthen cybersecurity measures as police and regulators press for answers.

The incident prompted a raid by South Korean police and has elicited an intensifying regulatory and political response. Prime Minister Kim Min seok pledged a thorough investigation and warned of possible legal action if laws were broken. The government response signals heightened scrutiny for data handling practices at large technology companies and could prompt enforcement under South Korean privacy and consumer protection statutes.

Coupang is South Korea's largest online retailer and serves tens of millions of customers. A breach affecting roughly 33 million accounts represents a substantial portion of the country and raises concerns about the potential for misuse of exposed information. Even without payment credentials or passwords, names, contact details and order histories can be used to facilitate scams, targeted phishing campaigns and identity fraud.

Company officials said investigators determined the extent of the exposed data and that the intrusion likely began in June. Authorities did not immediately identify the source of the breach or any perpetrators. The police raid was part of a broader law enforcement effort to collect evidence and identify responsible parties. Prosecutors and regulators are expected to examine whether Coupang complied with mandatory notification rules and data protection requirements.

The resignation of Park marks a swift executive consequence as the company seeks to restore public confidence. Bringing in an interim leader from the parent organization signals a desire for rapid stabilization and operational oversight while a permanent replacement is sought. Investors and customers will be watching whether management changes are accompanied by measurable improvements in cybersecurity posture and transparency about remedial steps.

For customers, the immediate priority will be clarity on what information was exposed and guidance on protective actions. Coupang said it would accelerate security upgrades and work with authorities, but did not publish a detailed timeline for remediation or offer specifics on monitoring or compensation for affected users.

The unfolding investigation could have broader implications for corporate accountability in South Korea's technology sector. Regulators may look to set clearer expectations around data security practices and incident response, and courts could be asked to weigh penalties if the inquiry finds statutory violations. For now, the resignation underscores the political and reputational costs of a large scale breach and highlights the continuing challenges firms face in defending sensitive consumer data.