 |
Photo: Coupang |
[Alpha Biz= Kim Jisun] The Presidential Office in Seoul announced on December 1 that it is reviewing the introduction of punitive damages in response to the massive leak of 33.7 million Coupang customer records.
At a senior aides meeting, Kang Hoon-sik, Chief of Staff to the President, criticized Coupang’s repeated data breaches—four incidents since 2021—and urged reforms to ensure companies face punitive liability when responsibility is clear. Deputy Spokesperson Jeon Eun-su stated that Kang emphasized the “systemic vulnerability in Korea’s personal data protection structure,” noting that despite claims of strict safeguards, “back doors remained open” in an era where AI and data have become core corporate assets.
Kang added that the current punitive damages framework has not been effective in preventing large-scale data leaks and instructed officials to review measures to strengthen its enforcement.
Concerns are also rising over Coupang’s heavy reliance on Chinese developers and lax internal access controls, which allegedly contributed to the breach. According to Coupang’s global careers website and LinkedIn’s “Coupang China” page, the company maintains development teams in Shanghai, Beijing, and Shenzhen with over 270 personnel.
Online posts from individuals claiming to be Coupang employees further alleged that more than half of its developers are Chinese, with new hires consisting of roughly 80% Chinese nationals.
Documents submitted by Coupang to the National Assembly indicate that the former employee identified as the source of the breach had been responsible for internal authentication systems. He was able to access servers after leaving the company by using an “access token signing key” that remained valid due to improper renewal and deletion processes—raising criticism of organizational-level management failure rather than isolated misconduct.
Seoul Metropolitan Police said its Cyber Investigation Unit began a preliminary probe on November 21, received a complaint on November 25, and is analyzing server logs and the IP addresses used to send threatening emails. Investigators are considering multiple possibilities, including the involvement of the former Chinese national employee named by Coupang.
Alphabiz Reporter Kim Jisun(stockmk2020@alphabiz.co.kr)
