Coupang CEO Resigns After Massive Data Breach Exposes Personal Data of Millions
In a stunning development that has sent shockwaves through South Korea’s corporate and technology landscape, Park Dae-jun, the chief executive of Coupang, the country’s largest e-commerce company, has officially stepped down in the wake of one of the most significant data breaches in the nation’s history. The incident has not only shaken public confidence in one of the region’s most influential tech brands but also intensified scrutiny on corporate cybersecurity practices, regulatory oversight, and consumer privacy protections.
The breach, which was publicly confirmed in late November 2025, exposed the personal information of approximately 33.7 million customers, a figure that represents nearly two-thirds of South Korea’s population. The leaked data includes full names, email addresses, phone numbers, delivery addresses, and order histories. Coupang has stressed that critical financial information, such as credit card details, and login credentials were not compromised.

Park’s resignation underscores the gravity of the situation and reflects mounting pressure from customers, the government, regulatory bodies, and legal advocates who have demanded accountability for the breach and its management.
A Breach With Far-Reaching Consequences
The events that led to this dramatic leadership change began earlier in 2025. According to internal reports and police statements, unauthorized access to Coupang’s systems began as early as June 24, but the activity went undetected by the company’s security teams until November 18, nearly five months later. This prolonged period of undetected access allowed a staggering amount of personal information to be extracted without timely intervention.
When the breach was first acknowledged publicly, Coupang reported that only around 4,500 customers might have been affected. That figure was quickly revised, first into the millions and then into the tens of millions as deeper investigations revealed the full scale of the unauthorized access. The eventual disclosure that nearly 34 million user records were compromised marked one of the most extensive data exposures ever reported by a private company in South Korea.
The breach’s revelation prompted swift action from law enforcement agencies. In early December 2025, Seoul police conducted a raid on Coupang’s headquarters in the Songpa district, seizing internal servers, logs, and other digital evidence as part of a broad cybercrime investigation. Authorities have indicated that the unauthorized access may be linked to a former employee with internal access, a detail that has further fueled public outrage over perceived internal security failures.
Park Dae-jun’s Resignation and Interim Leadership
In an official company statement delivered on December 10, 2025, Park Dae-jun announced his resignation, citing a “deep sense of responsibility” for both the breach itself and the company’s response following its discovery. Park apologized to the public, acknowledging that the incident had betrayed customer trust and fallen short of the standards expected by users and regulators.
Park’s resignation was effective immediately, and Coupang’s U.S. parent corporation, Coupang Inc., appointed Harold Rogers as the interim chief executive. Rogers, who served as the chief administrative officer and general counsel for the parent company, is expected to lead the organization through crisis management and stabilization efforts. His background includes senior roles at major law firms and a focus on compliance and risk mitigation, making him a logical choice for navigating the complex legal and regulatory fallout from the breach.
Under Rogers’ temporary leadership, Coupang has pledged to address customer concerns more directly, strengthen its cybersecurity infrastructure, and work diligently to restore public confidence. The company has publicly stated its intention to improve data protection mechanisms and ensure that an incident of this magnitude cannot recur.

Government and Public Reaction
The data breach and leadership shakeup have drawn sharp responses from South Korean government officials. Prime Minister Kim Min-seok has promised a thorough investigation into the breach and said that authorities will pursue legal measures against Coupang if violations of data protection laws are confirmed. Government leaders have emphasized that corporate negligence must not be tolerated, especially when the personal information of millions is at stake.
President Lee Jae Myung has also publicly criticized the company’s delayed detection and response, calling for stricter enforcement of cybersecurity regulations and corporate penalties to deter future lapses. Lawmakers have scheduled hearings with current and former Coupang executives, including the company’s founder, to provide answers on why the breach was not detected sooner and how internal controls failed to prevent unauthorized access.
Members of the National Assembly’s Science, ICT, Broadcasting and Communications Committee have summoned several executives to testify, illustrating broad political concern about data safety and corporate accountability in the era of digital commerce.
Customer Impact and Market Backlash
For consumers, the breach has been deeply unsettling. While crucial financial data such as credit card numbers and passwords were reportedly spared, the leakage of personal contact information, addresses, and order histories still poses a substantial risk. Security experts warn that such data could be used in targeted phishing campaigns, identity theft, or other forms of fraud if exploited by malicious actors.
Since the breach announcement, independent data from market analysts has shown a notable decline in active daily users of Coupang’s platform. Competing e-commerce sites, including domestic rivals and regional marketplaces, have experienced slight upticks in user engagement as customers consider migrating away from a platform that has failed to protect their data.
Wall Street has also responded. Shares of Coupang, trading on the New York Stock Exchange under the symbol CPNG, saw significant volatility in the immediate aftermath of the breach, with stock prices falling sharply as investors reacted to the news. The company’s reputation and financial performance are now under intense scrutiny, with analysts warning that prolonged uncertainty around legal exposure and customer trust could continue to weigh on its market valuation.
Legal and Regulatory Challenges
The legal consequences of the breach are already emerging on multiple fronts. Law firms both in South Korea and the United States have announced investigations and potential class action lawsuits on behalf of affected customers. Claims may seek punitive damages and allege that Coupang failed in its duty to implement reasonable safeguards for personal data.
Under South Korea’s Personal Information Protection Act (PIPA), regulators have the authority to impose significant fines if they determine that a company did not take sufficient measures to protect user data. Maximum penalties could reach substantial amounts, potentially in the hundreds of billions of Korean won, depending on the severity of the breach and the findings of regulatory inquiries.
Investigators have also uncovered troubling details about how the breach occurred. Reports suggest that an authentication key used by an internal developer was left active even after that individual had left the company. This mismanagement of access privileges allowed unauthorized access for months without detection, highlighting weaknesses in internal cybersecurity governance.
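The condition described above, a developer's authentication key that stays valid after the developer has left, is what a scheduled credential audit is meant to catch. The following is an added example, not code from Coupang or from any report on the incident; the key inventory, owner names, roster format and dates are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Key:
    key_id: str
    owner: str
    revoked: bool
    last_used: Optional[date]

# Constructed sample data. The roster maps owner -> departure date (None = still employed).
ROSTER = {"dev-a": None, "dev-b": date(2025, 1, 15), "dev-c": date(2025, 3, 1)}
KEYS = [
    Key("key-001", "dev-a", False, date(2025, 6, 1)),   # current employee
    Key("key-002", "dev-b", True, date(2025, 1, 10)),   # revoked at offboarding
    Key("key-003", "dev-c", False, date(2025, 4, 10)),  # valid and used after departure
    Key("key-004", "dev-c", False, None),               # valid, never used
    Key("key-005", "svc-x", False, date(2025, 5, 5)),   # owner missing from roster
]
AUDIT_DATE = date(2025, 7, 1)  # constructed "today" for the sample run

def audit_keys(keys, roster, today):
    """Return (key_id, finding, days) for non-revoked keys with a departed or unknown owner."""
    findings = []
    for k in keys:
        if k.revoked:
            continue
        if k.owner not in roster:
            # No accountable owner on record: cannot be tied to offboarding at all.
            findings.append((k.key_id, "UNKNOWN_OWNER", None))
            continue
        left = roster[k.owner]
        if left is None or left > today:
            continue  # owner is still employed on the audit date
        if k.last_used is not None and k.last_used > left:
            # Exercised after the owner left: investigate as an incident, not just hygiene.
            findings.append((k.key_id, "USED_AFTER_DEPARTURE", (k.last_used - left).days))
        else:
            # Still valid but dormant: revoke, and report how long it has been orphaned.
            findings.append((k.key_id, "ORPHANED", (today - left).days))
    return findings

if __name__ == "__main__":
    for finding in audit_keys(KEYS, ROSTER, AUDIT_DATE):
        print(finding)
```

The day counts give the exposure window per key, which is the figure that separates a cleanup ticket from an incident that needs log review.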
Broader Lessons on Cybersecurity and Corporate Governance
The Coupang breach is not only a story about one company’s failure; it serves as a teachable moment for the broader corporate world in an age where data is among the most valuable assets a business holds. As digital platforms continue to amass massive troves of customer information, the expectations for robust cybersecurity protocols and rapid breach detection mechanisms have never been higher.
Experts argue that proactive measures such as continuous monitoring, multi-factor authentication for all sensitive access points, regular auditing of internal credentials, and real-time threat detection systems should be standard practice for companies with large customer databases. A failure to adopt such measures, they say, almost guarantees increased risk over time.
Moreover, the political response in South Korea reflects a growing trend around the world where data protection has become a matter of national security. Governments are beginning to demand not just transparency but accountability, and are prepared to compel companies to answer for lapses that affect tens of millions of citizens.
Rebuilding Trust and Looking Ahead
For Coupang, the path forward will be defined by how effectively it addresses the lingering fallout. Under interim CEO Harold Rogers, the company has outlined plans to enhance its cybersecurity infrastructure, reassess internal controls, and institute more rigorous compliance and governance practices. Rogers has stated that restoring trust among customers and shareholders is the organization’s foremost priority.
Coupang has also pledged to cooperate fully with law enforcement, regulators, and independent cybersecurity experts to ensure a comprehensive understanding of how the breach occurred and how similar incidents can be prevented. Whether these efforts will be sufficient to restore confidence among consumers remains an open question.
Some long-time users, despite their concern, have indicated that they will continue to use the service due to its convenience and integration into their daily lives. Others are considering alternatives, reflecting a broader market shift that could change South Korea’s e-commerce landscape if the breach’s effects prove long-lasting.
The abrupt resignation of Coupang’s CEO in the wake of a massive data breach underscores just how critically cybersecurity and data stewardship are viewed by customers, regulators, and political leaders alike. What began as an operational failure has grown into a full-scale corporate crisis with economic, legal, and reputational ramifications that will be felt for years.
As investigations continue and legal proceedings unfold, Coupang’s experience may well serve as a watershed moment for digital privacy, corporate responsibility, and how nations enforce data protection standards. The incident has already catalyzed debate across boardrooms and government chambers alike, and its legacy is likely to shape how online platforms protect customer information into the next decade.
