A Record Compensation Plan Meets Public Skepticism
South Korean e-commerce giant Coupang has announced a compensation package worth 1.69 trillion won, approximately $1.17 billion, in response to one of the largest data breaches in the country’s history. The plan involves distributing purchase vouchers to 33.7 million affected users. While the financial scale of the offer is unprecedented, the strategy of using restricted company vouchers has ignited a firestorm of criticism from lawmakers, consumer advocacy groups, and customers themselves. The incident has not only raised serious questions about data security but has also sparked a debate about corporate accountability and the nature of genuine restitution in the digital age.
The breach, which exposed the personal information of nearly two-thirds of South Korea’s population, was discovered on November 18, though investigations suggest unauthorized access began months earlier. Following the disclosure, Coupang saw the resignation of its CEO, Park Dae-jun, and faced intense scrutiny from government regulators. Now, the company’s attempt to mend fences with its customer base is being derided by many as a marketing ploy rather than a sincere apology.
The Anatomy of the Breach and the Suspect
Details emerging from the investigation paint a picture of a significant security lapse that went undetected for a prolonged period. According to cybersecurity reports, the unauthorized access began on June 24, 2025. The breach was facilitated by a former employee of the company’s IT department, identified as a 43-year-old Chinese national who worked at Coupang between November 2022 and 2024.
The compromised data included sensitive personal details such as names, phone numbers, delivery addresses, and email addresses. For a subset of the affected accounts, certain order histories were also exposed. Coupang has emphasized that financial information, including banking details and payment card data, as well as login credentials, were not obtained by the perpetrator. This distinction is crucial for users worried about immediate financial theft, though the exposure of personal identifiers still poses significant risks for phishing attacks and identity fraud.
“It was confirmed that the customer information stored on the leaker’s computer was limited to 3,000 cases, which were also not circulated or sold externally,” Coupang founder and chairman Kim Bom-suk said in a statement regarding the investigation’s findings.
The investigation, which has involved assistance from cybersecurity firms like Mandiant and Palo Alto Networks, led to the recovery of the stolen data. Authorities seized the suspect’s storage devices, including hard drives and a MacBook Air laptop that had reportedly been disposed of in a river. While the company asserts that the data was not disseminated, the sheer scale of potential access has left millions of users feeling vulnerable.
Unpacking the $1.17 Billion Offer
On the surface, a compensation package totaling over $1 billion appears to be a massive corporate penalty and a significant win for consumers. Coupang announced that each of the 33.7 million affected users would receive vouchers worth 50,000 won, or about $35. This distribution applies equally to both “Wow” members, the company’s paid subscription subscribers, and general users. Even former customers who deleted their accounts following the breach notification are eligible to receive the compensation.
However, the structure of these vouchers has become the primary point of contention. Rather than providing cash or a single universal voucher, Coupang has divided the 50,000 won into four distinct coupons, each restricted to specific arms of the company’s ecosystem. The breakdown includes a 5,000 won voucher for the main shopping platform, a 5,000 won voucher for the Coupang Eats food delivery service, a 20,000 won voucher for Coupang Travel, and a 20,000 won voucher for R.LUX, the company’s luxury beauty and shopping platform.
Harold Rogers, the interim CEO for Coupang Corp., defended the plan as a necessary step to restore trust.
“We decided to establish a compensation plan worth 1.68 trillion won to take responsibility for the recent leak of personal information and to restore customer trust,” Rogers said in a press release.
He further described the move as a “responsible measure for our customers” and pledged that the company would “fulfill its responsibilities to the end.”
Critics Decry Vouchers as Marketing ‘Bait’
Despite the company’s framing, the reaction from the public and consumer advocates has been overwhelmingly negative. The core of the criticism lies in the usability of the vouchers. For a customer who primarily uses Coupang for everyday shopping, the compensation effectively amounts to only 5,000 won, or roughly $3.70. The remaining 40,000 won is tied to services like travel and luxury goods, which have higher price points and appeal to a narrower demographic.
Many critics argue that this structure effectively forces consumers to spend more money out of pocket to utilize the full value of the compensation, turning the apology into a revenue-generating scheme. The People’s Solidarity for Participatory Democracy, a prominent civic group, did not mince words in their assessment, calling the plan a “trick to boost Coupang’s revenue.”
“Providing 20,000 won vouchers that can only be used for Coupang’s least popular services such as Coupang Travel and R.LUX is another scheme to expand its market share in travel booking and luxury shopping,” the civic group stated.
This sentiment was echoed by politicians who are preparing for parliamentary hearings on the matter. Lawmakers have pointed out that for many users, services like Coupang Travel are unknown or irrelevant, making the bulk of the compensation useless. Representative Choi Min-hee of the ruling Democratic Party, who chairs the National Assembly’s Science, ICT, Broadcasting, and Communications Committee, criticized the company for attempting to turn a crisis into an opportunity.
A Crisis of Leadership and Trust
The fallout from the data breach extends beyond the compensation package and has deeply impacted Coupang’s leadership structure. The controversy led to the resignation of CEO Park Dae-jun earlier this month, with Harold Rogers stepping in as interim CEO. However, it is the absence of the company’s founder, Kim Bom-suk, that has drawn the sharpest ire from the public and government officials.
Kim Bom-suk, who also serves as the chairman, issued a written apology on Sunday, nearly a month after the breach was revealed. In his statement, he admitted that the company had failed to communicate clearly from the outset. He acknowledged that his decision to delay a public apology until all facts were confirmed was a “poor judgment.”
“In retrospect, this was a poor judgment. While Coupang worked tirelessly to resolve the situation, I should have expressed my deepest regrets and sincere apologies from the beginning. My heart has been heavy ever since I first learned of the data breach,” Kim said.
Despite this expression of regret, Kim has declined to attend the National Assembly’s hearings, citing his residence and business abroad as the reason. This absence has frustrated lawmakers who are seeking direct answers from the top leadership regarding the security failures and the company’s subsequent handling of the crisis.
Regulatory Scrutiny and Potential Penalties
As Coupang navigates the court of public opinion, it is also facing a multi-agency government investigation. The pan-governmental task force on the Coupang case, chaired by Deputy Prime Minister and Minister of Science and ICT Bae Kyung-hoon, has warned that the company could face severe consequences. The task force is coordinating efforts between the National Police Agency, the Personal Information Protection Commission, and the Financial Services Commission.
The Fair Trade Commission is specifically examining whether Coupang’s response, including the controversial voucher plan, sufficiently addresses consumer harm. This assessment will play a key role in determining whether the company faces a business suspension. The government has made it clear that the leak of data belonging to more than 30 million users is a clear violation of Korean law.
The regulatory pressure is not limited to the data breach itself. South Korea’s media and telecoms regulator has also opened an investigation into whether Coupang unlawfully restricted users’ ability to delete their accounts after the breach was disclosed. If the company is found to have made the account deletion process unnecessarily difficult during a time of panic, it could face additional penalties for violating telecoms laws and consumer rights.
Market Reaction and the Financial Outlook
Interestingly, the market’s reaction to the $1.17 billion compensation plan has been relatively muted. Coupang shares rose modestly, gaining 0.7% in midday trading following the announcement. This suggests that investors may view the voucher plan as a manageable cost of doing business, one that avoids the potentially higher costs of cash compensation or regulatory fines.
For context, Coupang posted a net income of $95 million in its most recent reported quarter. The $1.17 billion charge represents a significant financial hit, dwarfing its quarterly profits. Investors are now closely watching how these costs, along with potential regulatory penalties, will impact the company’s earnings in the coming quarters. The company has already warned that it could face higher expenses related to litigation and remediation efforts.
The stock’s resilience indicates that the market may be pricing in the worst of the news, assuming that the compensation plan will help close the chapter on this incident. However, the ongoing parliamentary hearings and the threat of a business suspension introduce variables that could still disrupt the company’s trajectory.
The Bottom Line
Coupang’s attempt to resolve the crisis with a massive voucher package has backfired, creating a new PR nightmare just as the company hoped to move forward. The debate over cash versus credit compensation highlights a growing tension between corporate cost-saving measures and consumer rights in the digital era. As the National Assembly hearings commence, the company faces a difficult path to regaining the trust of millions of South Koreans.
- The breach affected 33.7 million users, compromising names, addresses, phone numbers, and emails.
- Coupang is offering 50,000 won ($35) in vouchers per affected user, totaling $1.17 billion.
- The compensation is split into four parts, with 40,000 won restricted to travel and luxury services.
- Lawmakers and consumer groups criticize the vouchers as a marketing tool rather than real compensation.
- Founder Kim Bom-suk apologized but refused to attend parliamentary hearings regarding the incident.
- Government agencies are investigating the breach and Coupang’s response, with potential business suspension looming.
