Coupang CEO Resigns Amid Police Raid Over Data Breach
▼ Summary
– Coupang’s CEO, Park Dae-jun, resigned to take full responsibility for a massive data breach affecting 33.7 million users, far more than initially reported.
– The company appointed US-based executive Harold Rogers as interim CEO to lead the response and prioritize addressing the incident and restoring trust.
– Seoul police raided Coupang’s headquarters to investigate security vulnerabilities and are seeking a former employee, a Chinese national, suspected of the leak.
– South Korea’s privacy regulator ordered Coupang to revise a liability exemption clause for data breaches, which it found violated national law.
– The regulator also mandated Coupang simplify its membership cancellation process and establish a task force to mitigate further harm to users.
The situation at Coupang, South Korea’s dominant e-commerce platform, has escalated dramatically following a catastrophic data breach. The company now faces a leadership crisis, a police investigation, and severe regulatory censure, compounding the fallout from the leak of information belonging to tens of millions of users. These developments mark a profound crisis of confidence for a firm once celebrated for its rapid delivery and market innovation.
Chief Executive Park Dae-jun resigned from his position, accepting full responsibility for the security incident and the company’s handling of its aftermath. His departure was announced just days after Coupang corrected the scale of the breach, revealing it impacted 33.7 million users, a figure vastly greater than the initial report of 4,500 accounts. This number represents a significant majority of South Korea’s population, underscoring the massive scope of the incident. Park issued a public apology, stating he was stepping down from all roles to take accountability.
Coupang Inc., the U.S.-based parent company, moved quickly to appoint an interim leader. Harold Rogers, the firm’s current chief administrative officer and general counsel based in Seattle, will now guide the South Korean unit’s response. In his statement, Rogers emphasized that the immediate priorities are to address the breach comprehensively, bolster information security systems to prevent any repeat, and work diligently to rebuild customer trust.
This leadership change followed a significant law enforcement action. Seoul police executed a raid on Coupang’s headquarters, seizing internal documents and records related to the data leak. Authorities are probing the company’s security infrastructure while also pursuing a specific suspect. According to reports, an arrest warrant has been issued for a Chinese national and former Coupang employee, who is suspected of violating network laws and leaking confidential data. A police official stated the investigation aims to fully determine the source of the leak, along with its methods and root causes.
Simultaneously, South Korea’s data protection regulator has taken forceful action. The Personal Information Protection Commission ordered Coupang to revise a controversial clause in its terms of service that attempted to exempt the company from liability for damages caused by unauthorized third-party access. The regulator declared this clause a violation of national privacy law, arguing it unlawfully obscures corporate accountability, especially in cases involving negligence. The PIPC also criticized Coupang for implementing an overly complex account deletion process that effectively prevented users from canceling paid subscriptions. As part of its directive, the commission mandated the creation of a dedicated task force to minimize further harm to affected individuals.
(Source: InfoSecurity Magazine)
