Coupang’s huge information breach in South Korea has now turn out to be a geopolitical flashpoint as a rising variety of the corporate’s U.S. buyers take authorized motion in opposition to the South Korean authorities.
What started as a regulatory investigation into information safety failures has expanded right into a broader dispute over alleged unfair remedy of the U.S.-headquartered firm.
Whereas Coupang — which operates in South Korea, Taiwan, and Japan — is sometimes called the “Amazon of South Korea,” its worldwide headquarters are literally in Seattle, Washington.
The corporate’s buyers are actually in search of worldwide arbitration below the Korea–U.S. Free Commerce Settlement (FTA). On Jan 23, 2026, U.S. funding companies Greenoaks and Altimeter filed a notice with South Korea’s Ministry of Justice, saying they suffered losses from what they characterised as the federal government’s discriminatory investigation into the info breach. They stated they plan to pursue investor–state dispute settlement (ISDS) arbitration below the Korea–U.S. FTA.
South Korea’s Ministry of Justice said Thursday that three extra buyers together with Abrams Capital, Sturdy Capital Companions, and Foxhaven Asset Administration have now joined the case. They’re alleging the federal government acted unlawfully towards the e-commerce firm.
To recap the incident: In December, Coupang disclosed that almost 34 million Korean clients’ private info had been leaked in an information breach that had been occurring for greater than 5 months. The breach concerned buyer names, e-mail addresses, cellphone numbers, transport addresses, and sure order histories, the corporate stated.
Whereas different tech breaches in Korea resulted in much less extreme penalties, Coupang has confronted extraordinary authorities stress. The federal government reportedly threatened massive fines, suspension of operations, and travel bans for executives whereas, Coupang’s buyers allege, trying to block public communication and misrepresenting the breach.
Techcrunch occasion
Boston, MA
|
June 23, 2026
Korea’s Private Data Safety Fee (PIPC) stated that greater than 30 million Coupang accounts had been uncovered — however the details level to simply 3,000 affected accounts, in accordance with Coupang’s buyers.
In December, South Korea’s authorities and the PIPC said the Coupang breach was severe sufficient to justify increased fines. Underneath present legislation, penalties are capped at 3% of income, greater than $800 million for Coupang, in accordance with the U.S. buyers, however some lawmakers have proposed elevating the restrict to 10% and making use of it retroactively.
Even when the brand new legislation passes, it wouldn’t apply to Coupang, because the breach occurred earlier than the foundations modified. However a Democratic Occasion lawmaker within the nation steered imposing punitive fines, via both new laws or a particular parliamentary act, and PIPC backed the thought, per news reports. South Korean President Lee Jae Myung additionally publicly called for heavy penalties, suggesting the corporate had not confronted enough penalties.
Based mostly on the notice of intent filing launched by the buyers’ authorized advisor, the buyers argue that the South Korean authorities’s actions represent an “unprecedented assault” on Coupang. Within the submitting, they argue:
“The Authorities’s unprecedented assault on a U.S. firm to profit its Korean and Chinese language opponents is an egregious violation of the Treaty, ideas of worldwide legislation, and the historic partnership between Korea and america….. the Authorities’s stunning conduct has left the U.S. buyers with no selection. If the Authorities doesn’t instantly stop its assaults in opposition to Coupang, absolutely restore the corporate’s skill to function its enterprise, and completely finish its longstanding marketing campaign of discrimination in opposition to the corporate, then the U.S. buyers shall be pressured to hunt billions of {dollars} in damages from Korea to guard their investments in Coupang and treatment the Authorities’s ongoing Treaty violations, together with attemped expropriation.”
The submitting is a preliminary, pre-litigation step. South Korea’s Ministry of Justice is now reviewing the discover of intent, which kicks off a mandatory 90-day consultation period earlier than formal arbitration can start.
Coupang, Abrams Capital, and Foxhaven Asset Administration didn’t reply to TechCrunch’s request for remark. Sturdy Capital Companions couldn’t be reached.
Based on the buyers’ submitting, South Korea’s dealing with of knowledge breaches has been inconsistent, particularly citing different current information breaches in South Korea, together with KakaoPay, SK Telecom, Upbit, and Alibaba’s AliExpress.
KakaoPay reportedly transferred 54 billion buyer information to Alipay Singapore, but confronted only a $10 million fine and a CEO warning, whereas SK Telecom was fined $91 million after a large SIM card breach. Upbit and AliExpress additionally noticed minimal authorities motion. The buyers say these examples underscore the stark distinction with the federal government’s response to Coupang.
South Korea’s Ministry of Science and ICT stated Wednesday that the Coupang information breach was carried out by a former worker who had labored on the corporate’s authentication methods and was conscious of vulnerabilities in each the authentication framework and key administration system.
The Ministry alleges that Coupang did not report the breach to the Korea Web & Safety Company (KISA) inside 24 hours and didn’t absolutely implement a November 2025 information preservation order, resulting in the deletion of key internet and app entry logs. The ministry has referred the matter to investigators and ordered Coupang to submit a prevention plan by February 2026, with compliance monitored via July.
Coupang released a statement, saying that the worker, a Chinese language nationwide, accessed information from over 33 million accounts however retained solely about 3,000 earlier than deleting it, and that no delicate data equivalent to fee information, passwords, or authorities IDs was accessed.
Coupang additionally changed its CEO, Dae-jun Park with Harold Rogers, its U.S. guardian’s high lawyer, in December.
Adam Farrar, senior affiliate at CSIS and senior geoeconomics analyst for APAC at Bloomberg, stated on Tuesday’s Impossible State podcast that what started as a significant information breach involving Coupang has grown right into a broader concern between america and South Korea.
Farrar stated that the case is amplifying broader U.S. claims of unfair remedy towards American expertise companies, elevating commerce and tariff dangers for South Korea as the U.S. Congress turns into more and more engaged.
“The huge information breach [by Coupang] led to a sequence of investigations within the Nationwide Meeting and a few very combative forwards and backwards with Coupang and a sequence of executives over the previous a number of months,” Farrar stated within the podcast. “The extra dynamic right here is that Coupang, whereas driving virtually all of its earnings from Korea, is now a US-based firm that provides to the dynamic on either side, impacting how they’re perceived and seen.”
The problem extends past Coupang, elevating broader questions on whether or not South Korea is unfairly focusing on U.S. firms, Farrar continued.
Critics level to digital insurance policies they are saying favor home companies, together with community utilization charges on content material suppliers like Netflix, Apple’s App Retailer and Google Play fee guidelines and information localization necessities that restrict providers like Google Maps on nationwide safety grounds.
