The Latest Revelation: Another 165,000 Users Affected
On February 5, 2026, Coupang confirmed that an additional 165,000 customers had their personal information compromised in the massive data breach that has already shaken South Korean society and trans-Pacific diplomatic relations. The Seattle-based e-commerce giant, often called the “Amazon of South Korea,” revealed that these newly identified victims join the previously disclosed 33.7 million users whose data was exposed in what authorities have described as the largest corporate data leak in Korean history.
- The Latest Revelation: Another 165,000 Users Affected
- From Corporate Scandal to Diplomatic Flashpoint
- The Breach That Went Undetected for Months
- Washington’s Pressure Campaign
- Investors Invoke Trade Agreement
- Seoul Draws a Line
- Regulatory Net Tightens
- The Federal Reserve Connection
- Domestic Backlash and Sovereignty Concerns
- Key Points
The company emphasized that the leaked information included contact details such as names, phone numbers, and addresses, but excluded payment details and login credentials. Coupang stated it has notified affected users following government guidance, attempting to contain the fallout from a breach that has spiraled far beyond a domestic cybersecurity failure into a full-blown international trade dispute.
From Corporate Scandal to Diplomatic Flashpoint
What began as an internal security failure has rapidly metastasized into a threat to the seven-decade alliance between Seoul and Washington. Wi Sung-lac, South Korea’s presidential national security adviser, told the Kyunghyang daily in a published interview on February 5 that the Coupang issue is actively undermining multiple pillars of the bilateral relationship, including trade and security cooperation.
The controversy has created rare friction between the treaty allies at a delicate moment. President Donald Trump’s administration recently announced a hike in tariffs on South Korean automobiles and other imports from 15 percent to 25 percent, a move Wi explicitly linked to the Coupang dispute alongside other regulatory tensions affecting American technology firms. The tariff threat has placed South Korean President Lee Jae Myung’s administration in a precarious position, forcing Seoul to balance domestic demands for accountability against pressure from Washington to ease regulatory scrutiny of the American-listed company.
The Breach That Went Undetected for Months
The origins of this crisis trace back to November 2025, when Coupang disclosed that personal data belonging to 33.7 million customers, approximately two-thirds of South Korea’s population, had been compromised. The company later revealed that the breach had gone undetected for five months, compounding public outrage over both the scale of the exposure and the delayed response.
Investigators later identified a former Coupang employee based in China as the perpetrator. The individual allegedly gained unauthorized access to customer databases containing names, phone numbers, home addresses, and email addresses. While Coupang has insisted that only about 3,000 records were actually transmitted or retained by the actor, with no data passed to third parties, South Korean authorities have cited the full 33.7 million figure as the scope of exposure, creating a significant dispute over the true scale of the damage.
The reaction within South Korea was immediate and severe. The National Assembly launched a multi-committee probe examining not only data protection failures but also Coupang’s corporate governance and labor practices. When founder and chairman Kim Beom-seok, a U.S. citizen, declined to appear before the parliamentary hearing despite being summoned, sending interim CEO Harold Rogers instead, lawmakers accused the company of disrespecting democratic institutions. The public dismissal of Coupang’s record 1.69 trillion won ($1.17 billion) compensation package as a superficial gesture underscored the depth of anger over what many Koreans view as corporate negligence by a foreign entity extracting vast profits while failing to protect local consumers.
Washington’s Pressure Campaign
Facing regulatory pressure in Seoul and potential fines reaching 1 trillion won ($770 million) under South Korea’s Personal Information Protection Act, Coupang launched an aggressive influence operation in Washington that has fundamentally altered the nature of the dispute. The company has spent $10.75 million on lobbying efforts over the past five years, targeting the executive branch and Congress to reframe the investigation as discriminatory treatment of an American enterprise.
The lobbying campaign has yielded powerful allies. U.S. Vice President J.D. Vance personally warned South Korean Prime Minister Kim Min-seok during a White House meeting on January 23 against penalizing American technology firms, expressing hope the dispute could be resolved fairly to avoid bilateral tension. The intervention represents an extraordinary elevation of a corporate regulatory matter to the highest levels of diplomatic engagement.
Congressional Republicans have echoed Coupang’s grievances with increasing stridency. Representative Adrian Smith, chair of the House Ways and Means Committee’s Trade Subcommittee, asserted on January 13 that South Korea “continues to pursue legislative efforts explicitly targeting U.S. companies,” citing Coupang as a primary example. Representative Scott Fitzgerald characterized the Korean government’s actions as a politically motivated witch hunt. Following Trump’s tariff announcement, the House Judiciary Committee Republicans posted on social media that “this is what happens when you unfairly target American companies like Coupang,” explicitly connecting trade retaliation to the data breach investigation.
Unfortunately, it’s my observation that Korea continues to pursue legislative efforts explicitly targeting U.S companies… One example would be Coupang through discriminatory regulatory actions.
James Heller, the chargé d’affaires at the U.S. Embassy in Seoul, further pressed the issue by sending a letter to South Korean authorities urging adherence to a joint fact sheet affirming that U.S. companies should not face discrimination or unnecessary barriers in digital services. The accumulation of official pressure has convinced many observers in Seoul that the tariff hike represents direct retaliation for the Coupang probe, despite official denials from both capitals.
Investors Invoke Trade Agreement
The conflict entered a new legal phase when two major U.S. investors, Greenoaks Capital and Altimeter Capital, filed a Notice of Intent to Arbitrate against the South Korean government under the U.S.-Korea Free Trade Agreement (KORUS). The investors, who hold substantial stakes in Coupang including more than $1.4 billion in shares for Greenoaks alone, accuse Seoul of violating fair treatment standards and discriminating against an American company to benefit domestic competitors like Naver and Chinese firms.
The arbitration filing alleges that Korean authorities have conducted repeated raids, blocked contracts, and publicly threatened punitive actions against Coupang, describing the investigation as a pretext to try and eliminate a successful U.S. company’s ability to compete. The petition likened Seoul’s actions to those of totalitarian adversaries like Venezuela or Russia and claimed current losses run into hundreds of millions of dollars with potential future losses in the tens of billions.
The investors have framed the dispute in explicitly political terms, accusing President Lee and the ruling Democratic Party of embracing an anti-U.S., pro-China stance and citing Lee’s past controversial remarks regarding U.S. Forces Korea. They argue that recent cabinet appointments of former Naver executives created the conditions for regulatory action designed to dismantle Coupang’s market position.
Coupang has attempted to distance itself from its investors’ aggressive tactics, issuing a statement that the arbitration filing was unrelated to the company itself and emphasizing that it remains fully cooperating with all government investigations. However, the company acknowledged that Chairman Kim issued an apology in the face of this relentless campaign from the Government, suggesting the pressure has forced concessions from the executive suite.
Seoul Draws a Line
South Korean officials have mounted a coordinated defense of their regulatory actions, insisting that the investigation represents standard law enforcement rather than economic nationalism. Prime Minister Kim Min-seok directly rebutted discrimination allegations during his Washington visit, telling U.S. lawmakers that there is absolutely no discrimination against Coupang and that the U.S.-Korea relationship is based on trust, so there is no need to worry about discriminatory treatment.
Trade Minister Yeo Han-koo reinforced this message during meetings with U.S. Trade Representative Jamieson Greer at the World Economic Forum in Davos, explaining that the probe proceeds in a non-discriminatory and transparent manner in the same way we would have done against any Korean company that had a data leak. Yeo emphasized that the investigation concerns a serious security breach affecting millions of citizens, combined with delayed reporting and unverified claims directed at national leaders, factors that would trigger scrutiny regardless of the company’s nationality.
The government is currently conducting an investigation in a non-discriminatory and transparent manner in the same way we would have done against any Korean company that had a data leak, not because it is an American company.
Foreign Minister Cho Hyun dismissed speculation linking the Coupang case to Trump’s tariff hike during a January 28 seminar in Seoul, stating that interpreting the trade action as connected to the data breach probe is not only inaccurate but would unnecessarily lower our own negotiating position. President Lee Jae Myung has taken a harder line domestically, calling for tough penalties for negligence over data breaches and declaring that the case should serve as a wake-up call for corporate accountability, signaling no immediate retreat from regulatory scrutiny.
Regulatory Net Tightens
Beyond the data protection investigation, South Korea’s Fair Trade Commission has expanded its scrutiny of Coupang’s business practices, deploying more than 30 investigators across three divisions in a probe entering its third week. The FTC is examining allegations that Coupang pressured partner merchants to convert best-selling products into its private-label lines and manipulated algorithms to prioritize its own offerings over competitors’ products.
Regulators are also reviewing whether Chairman Kim should be designated as the company’s Same Person under Korean antitrust framework, a key controlling shareholder designation that would trigger additional regulatory obligations. Additionally, the commission is scrutinizing Coupang’s WOW Membership program, which bundles delivery and streaming services, for potential market dominance abuse that could trigger penalties of up to 6 percent of related revenue.
The formation of a rare intergovernmental task force comprising seven agencies including the National Intelligence Service, the Financial Services Commission, and the National Police Agency underscores the gravity Seoul attaches to the case. The potential 1 trillion won fine under data protection laws would represent the largest such penalty in Korean history, a prospect that has galvanized Coupang’s American investors into their unprecedented arbitration gambit.
The Federal Reserve Connection
The controversy has ensnared another high-profile American figure, creating potential complications for the Trump administration’s economic policy. Kevin Warsh, the president’s nominee to lead the Federal Reserve, has served on Coupang’s board since October 2019, earning over $1 million in compensation, including nearly $325,000 annually since 2022.
The Federal Reserve Act requires Board of Governors members to devote their entire time to the business of the Board, effectively barring outside employment. While new members have six months to achieve compliance, Warsh’s substantial financial ties to a company at the center of an international trade dispute raise questions about potential conflicts of interest. Federal Reserve rules also prohibit members from holding positions in banks or banking institutions, though e-commerce platforms occupy a regulatory gray area distinct from traditional banking.
The White House has not commented on whether Warsh would be required to divest Coupang holdings prior to confirmation, nor has Warsh responded to inquiries about his intentions regarding the board position. The nomination places a Coupang insider at the helm of American monetary policy while the company lobbies the U.S. government to pressure Seoul, creating an unusual intersection of central banking and international trade diplomacy.
Domestic Backlash and Sovereignty Concerns
Within South Korea, civic groups have pushed back against what they perceive as American interference in domestic legal processes. The Korean American Public Action Committee issued a statement urging Coupang not to cover up the truth by using political lobbying and a US congressional hearing and warning against causing bilateral conflict to pursue its own interests.
The committee demanded substantive and responsible compensation for breach victims and transparent disclosure of the leak’s full scope, reflecting widespread public sentiment that Coupang’s $1 billion voucher offering represents inadequate restitution for the exposure of two-thirds of the nation’s population. Consumer advocates have criticized the compensation as a temporary public relations maneuver rather than a genuine remedy for systemic security failures.
The dispute has become a test case for South Korea’s digital sovereignty in an era of platform capitalism dominated by American and Chinese giants. Seoul’s insistence that the investigation follows domestic law rather than trade negotiations represents an assertion of regulatory autonomy that conflicts with Washington’s expectation of preferential treatment for U.S.-listed firms operating abroad. As President Lee navigates his first major bilateral crisis since taking office, the outcome will likely establish precedents for how Korea balances foreign investment protection with consumer protection and national jurisdiction over data governance.
Key Points
- Coupang confirmed on February 5, 2026, that an additional 165,000 users were affected by the data breach, bringing total exposure to roughly 33.9 million customers, or about two-thirds of South Korea’s population.
- The breach, which went undetected for five months, was allegedly perpetrated by a former Coupang employee based in China who accessed names, phone numbers, addresses, and email addresses.
- The investigation has escalated into a bilateral dispute, with U.S. Vice President J.D. Vance and congressional Republicans pressuring Seoul to ease regulatory scrutiny, while South Korean officials deny discrimination and defend the probe as standard law enforcement.
- U.S. investors Greenoaks Capital and Altimeter Capital filed arbitration claims under the KORUS FTA, alleging discriminatory treatment and seeking compensation for losses they claim run into the billions.
- President Trump’s recent tariff hike on South Korean goods from 15 percent to 25 percent has been linked to the Coupang dispute by South Korea’s national security adviser, though both governments officially deny the connection.
- Federal Reserve nominee Kevin Warsh has earned over $1 million serving on Coupang’s board since 2019, creating potential conflict of interest questions as the company lobbies Washington for intervention.
- South Korea has formed a seven-agency task force to investigate the breach, with potential fines reaching 1 trillion won ($770 million), which would be the largest data protection penalty in Korean history.
