Coupang’s delivery empire built on social trust faces reckoning after data breach

Coupang headquarters in Songpa District, Seoul, Thursday. The government is reviewing a suspension of operations for Coupang after it leaked the personal data of about 33.7 million people. Newsis

Coupang’s rise in Korea’s online retail market was built not just on technology and speed, but on a culture of social trust, in which valuables left out in public are rarely stolen.

Now, as the company, often described as "Korea’s Amazon," faces a major data breach and growing public backlash, it is accused of exploiting that communal trust while underinvesting in data security to protect its margins.

In most Korean cities, it’s common to see smartphones and laptops left unattended on café tables, or products displayed outside stores for hours without anyone touching them. Parcels are often left unattended at doorsteps for hours, even days or weeks.

That social trust became the foundation of Coupang’s contactless delivery model during and after the COVID-19 pandemic. In dense clusters of urban apartments, with few restrictions on night work and a society comfortable with sharing front-door access codes with delivery workers, the company was able to promise express and dawn delivery services for groceries and daily necessities by 7 a.m., often for orders placed with just a few taps on a phone late at night, before 11 p.m.

Unlike in many foreign markets, Coupang did not need to invest heavily in home security to make its model work.

In the United States, package theft is a costly fact of life: an estimated 104 million to 120 million packages were stolen nationwide last year, according to safety research company SafeWise. Porch pirates cost American customers roughly $15 billion over the past year, while retailers paid an even steeper price of around $22 billion, according to data collected by ZFLO Technologies.

Roughly 1 in 7 American adults has had a package stolen this year, with an average value per stolen parcel of $143, the survey said. To keep customers loyal, Amazon leans on its A-to-Z guarantee, which can cover up to $2,500 per eligible order, offers no-questions-asked refunds or replacements in many theft cases, and is supported by smart lockers, security cameras and in-garage delivery options.

In Japan, logistics companies, operating in a low-crime but traditionally face-to-face delivery culture, built precise time-slot services and are only gradually expanding unattended drop-offs and parcel lockers to reduce redeliveries. In China, carriers lean on staffed pick-up points and smart parcel stations inside residential compounds, while regulators are tightening rules to ensure couriers notify customers and obtain consent before leaving parcels at drop-off sites.

In all three markets, retailers and logistics firms pay a tangible security cost — in infrastructure, insurance and reimbursements — that is baked into the cost of doing business.

Meanwhile, Korea sits somewhere in between. Theft is rare, as in Japan and parts of China, but consumers are more willing to accept unattended deliveries at all hours, particularly in apartment buildings equipped with digital keypad locks and security cameras. Coupang exploits that environment, effectively turning the front door into an extension of its warehouse.

Packages for delivery are stacked inside a Coupang vehicle in Seoul, Dec. 1. Yonhap

"K-trust made contactless delivery possible here in a way that would be extremely costly elsewhere," historian Chun Woo-yong said. "If you feel your life has become more convenient thanks to Coupang’s dawn delivery, the people you should thank are not Coupang but your neighbors. Coupang has simply turned Koreans’ honesty and goodwill into its profit base. The privatization of public virtue is a kind of plunder."

After the company disclosed the massive leak of customer data — including names, contact information, addresses and, in many cases, the apartment entrance codes of about 33.7 million accounts, roughly two-thirds of the population — questions have shifted from speed and price to responsibility and risk.

According to data compiled from six major card issuers, Coupang’s domestic transaction count fell from about 46.8 million approvals in the two weeks before the breach announcement to roughly 44.9 million in the following two weeks — a drop of around 1.9 million payments, or 4.1 percent. Over the same period, the total approved amount fell by about 127 billion won, or 0.9 percent.

Industry mobile analytics showed that Coupang’s daily active users declined from a record of about 17.98 million on Dec. 1 to around 14.84 million by Dec. 20, indicating roughly 3 million users vanished in less than three weeks.