Coupang, Inc., the South Korea-based e-commerce giant listed on the New York Stock Exchange under the ticker CPNG, saw its share price climb on Friday following the release of details clarifying the nature of its investigation into a significant customer data breach. Contrary to earlier speculation that the company managed the probe independently, Coupang confirmed that the inquiry into the suspected data leak of a former employee was executed in direct collaboration with government authorities.
On December 9, the South Korean government directed Coupang to initiate contact with the former employee involved in the case, according to a report from Yonhap News Agency. Subsequently, on December 21, Coupang handed over critical digital assets—including the former employee’s desktop hard drive and laptop—to law enforcement officials. Shortly thereafter, on December 23, the company submitted an extensive report detailing meetings with the suspect, along with all evidence compiled during the investigation, to the governmental agencies overseeing the matter.
Coupang initially disclosed the data breach earlier this month, revealing that nearly 33.7 million users were impacted. The data compromised included personally identifiable information such as names, email addresses, delivery addresses, account details, and certain order histories. Subsequent forensic analysis identified the former employee as the individual responsible for the breach. After being confronted with the evidence, the suspect confessed and provided explanations on the method by which access was obtained.
Specifically, Coupang reported that the perpetrator exploited stolen security keys to gain unauthorized entry into basic customer information associated with approximately 34 million accounts. While this number appears extensive, the company noted that information from only roughly 3,000 of these accounts was copied and later deleted.
The revelation of the breach had initially caused Coupang’s stock price to decline; however, in the wake of its disclosure regarding close governmental collaboration and investigative progress, shares advanced markedly. At the time of this report, data from Benzinga Pro indicates Coupang shares rose by 10.18%, trading at $25.10.
The ongoing investigation by South Korea's Personal Information Protection Commission carries the possibility of substantial penalties. The Commission has not ruled out imposing fines that could total near $770 million, reflecting the seriousness with which regulators are treating the breach.
The company’s transparent engagement with authorities and the clear chain of investigative steps highlight a commitment to resolve the situation under regulatory oversight, in contrast to earlier beliefs that the internal probe might have been conducted in isolation.
Further market reactions continue to unfold as stakeholders assess the implications of the breach, the employee’s admissions, and the regulatory scrutiny that lies ahead for Coupang.