Lee Gyu-lee is a business writer at The Korea Times, focusing primarily on IT & telecommunications, the Ministry of Trade, Industry and Energy and KOTRA. Prior to this, she has covered a wide range of cultural news, from film, television and K-pop to lifestyle and fashion.
Coupang founder to be summoned over data breach
Consumers hold a press conference outside Coupang’s headquarters in Seoul, Tuesday, to protest the company’s recent data breach. Yonhap
By Lee Gyu-lee
The National Assembly’s Science, ICT, Broadcasting, and Communications Committee will summon Coupang founder and Chairman Kim Bom-suk, also known as Bom Kim, as the key witness at a Dec. 17 hearing into his company’s massive personal data breach.
The committee approved the hearing during a meeting on Monday, determining that Coupang’s responses in the initial emergency questioning on Dec. 2 were insufficient.
“We decided to adopt the proposal for a hearing to address unresolved suspicions that remain despite previous questioning,” said Rep. Choi Min-hee, who chairs the committee.
A total of nine witnesses and five expert witnesses will be summoned for the hearing. Six Coupang executives are on the list, including Kim, Coupang Corp. CEO Park Dae-jun, former CEO Kang Han-seung, who is now head of the company’s North American operations, and Chief Information Security Officer Brett Matthes.
Government officials have also been called to testify, including Science Minister Bae Kyung-hoon and Korea Internet & Security Agency (KISA) President Lee Sang-joong. Expert witnesses include the head of the Personal Information Protection Commission, along with academic and industry cybersecurity experts.
The committee has demanded that Coupang and related authorities submit 422 documents by Friday. During the hearing, it plans to verify the facts surrounding the breach, assess Coupang’s response and examine any potential legal or procedural violations.
Coupang founder Bom Kim poses in front of the New York Stock Exchange in New York City, March 11, 2021, the day the company was listed. AP-Yonhap
The e-commerce giant’s massive data breach, which compromised the personal information of 33.7 million users, surfaced on Nov. 29. The leaked information included the names, email addresses, phone numbers, delivery information and purchase histories of nearly the entire customer base. It was allegedly taken by a former employee who still had access to the company's internal systems.
During the emergency questioning last week, the committee strongly rebuked Coupang’s crisis response and communication practices, noting that it referred to the incident as a data “exposure” in the company’s notice rather than a breach, which undermined the gravity of the situation.
Coupang later corrected its terminology and issued an updated customer notice after facing backlash from the public.
The company also faced a search and seizure operation as authorities intensified their investigation. The Seoul Metropolitan Police Agency said its cyber investigation unit visited Coupang’s headquarters in Songpa District on Monday morning to seize digital evidence.
The police had previously been investigating server log records and other materials voluntarily submitted by Coupang. With the evidence obtained from the search and seizure, investigators plan to analyze the confiscated hard drives and internal documents to determine whether any illegalities or negligence occurred in Coupang’s handling of customer information.
Coupang has seen a noticeable drop in users since the breach. According to industry tracker IGAWorks, daily active users fell to 15.94 million on Saturday — down more than 2 million from the previous day’s all-time high of 17.99 million, when many users logged in to check their accounts, change passwords or explore how to delete their profiles.