The fallout from a massive customer data breach at South Korean e-commerce leader Coupang continues, with CEO Park Dae-jun announcing his resignation on Wednesday, December 10, over the incident. Mr. Park stated, “I deeply apologize for disappointing the public over the recent data breach,” and explained he decided to step down from all his positions to take full responsibility.
Scale of the Breach
As per Hackread.com’s earlier coverage of the incident, the leak affected 33.7 million customer accounts, a number equal to nearly two-thirds of South Korea’s total population. Coupang, which is facing a class-action lawsuit in the United States, has stated that the breach began through its overseas servers on June 24 and that the company became aware of the incident last month.
The exposed personal information includes customer names, phone numbers, email addresses, and delivery addresses. Please note that the company has repeatedly stated that sensitive data like payment details and login passwords were not compromised. The company initially reported only 4,500 affected accounts on November 20 before confirming the massive scale on November 29.
Latest Updates
The police have intensified their investigation, raiding Coupang’s Seoul headquarters twice this week to collect evidence. What we have learned so far is that authorities have issued a search warrant for a former Chinese national who worked for Coupang as a suspect in violating communications network laws and leaking confidential data.
Coupang Inc., the US-based parent company, has named Harold Rogers, its Chief Administrative Officer and General Counsel, as the interim CEO for the South Korean unit. Mr. Rogers will focus on managing the crisis and restoring trust, saying, “I know this situation has been unsettling for many.”
South Korea’s privacy watchdog, the Personal Information Protection Commission (PIPC), has also taken action. The PIPC ordered Coupang to revise its terms of service, which included a clause attempting to remove the company’s responsibility for harm from unauthorized third-party access.
Additionally, the regulator criticised Coupang for making its membership cancellation process too difficult for users. The presidential office has also called on the company to outline plans to compensate affected consumers. This incident adds to a series of recent data issues involving major Korean companies, raising serious questions about security practices.