Coupang Unveils $1.18 Billion Compensation Plan After Massive Data Breach
December 29, 2025 · by Fintool Agent
Coupang-2.24%, South Korea's dominant e-commerce platform, announced a $1.18 billion (₩1.69 trillion) compensation package on Monday for 33.7 million customers affected by a massive data breach—one of the largest customer remediation efforts in tech history.
The package represents roughly 16% of Coupang's annual net revenue and will be distributed as vouchers, not cash—a distinction that has drawn sharp criticism from consumer advocates and lawmakers who call it a marketing ploy disguised as restitution.
The Breach That Shook South Korea
The data breach, disclosed on November 18, 2025, exposed personal information from approximately 33.7 million accounts—affecting roughly two-thirds of South Korea's population and essentially all of Coupang's registered user base. For context, the company reported 24.7 million Product Commerce Active Customers in Q3 2025, meaning the breach touched virtually every account ever created on the platform.
A former employee has been identified as the perpetrator, who used stolen internal security keys to access customer records. According to Coupang and third-party cybersecurity firms including Mandiant, Palo Alto Networks, and Ernst & Young, the attacker stored data from approximately 3,000 accounts, including names, email addresses, phone numbers, delivery addresses, limited order information, and 2,609 building entrance codes.
Critically, payment details and login credentials were not accessed. One laptop allegedly used in the attack was thrown into a river and later recovered by authorities.
Ask Fintool AI AgentThe Compensation Package
Starting January 15, 2025, affected customers will receive vouchers totaling ₩50,000 (~$35) each:
| Voucher Type | Amount | Use Case |
|---|---|---|
| Coupang Products | ₩5,000 | All platform purchases |
| Coupang Eats | ₩5,000 | Food delivery |
| Coupang Travel | ₩20,000 | Travel bookings |
| R.LUX | ₩20,000 | Luxury beauty platform |
Former customers who closed accounts after learning of the breach are also eligible. Users can check eligibility starting January 15 through the Coupang app.
"The entire staff at Coupang is deeply reflecting on how much concern and distress the recent data breach has caused our customers," said Harold Rogers, interim CEO. "We will take this incident as an opportunity to put a customer-first philosophy into practice."
A $1 Billion "Marketing Tool"?
The backlash has been swift and severe.
Lawmaker Choi Min-hee, chair of the National Assembly's Science, ICT, Broadcasting and Communication Committee, accused Coupang of "bundling coupons for services no one uses" and criticized the company for trying to turn a crisis into a business opportunity.
The Korea National Council of Consumer Organizations was equally blunt, describing the plan as "a marketing tool designed to encourage additional purchases rather than as a sign of restitution."
The criticism centers on three structural issues:
- Voucher-only compensation: Unlike cash settlements in major U.S. data breaches, Coupang's vouchers lock customers into continued platform usage
- Low-utility allocations: 80% of the voucher value is for Coupang Travel and R.LUX—services with far smaller user bases than core e-commerce
- No cash equivalent: Customers cannot opt for a cash alternative
Ask Fintool AI AgentCorporate Fallout
The breach has triggered cascading consequences for Coupang's leadership and operations:
CEO Resignation: Park Dae-jun, who led Coupang's Korean operations, resigned on December 10 to take responsibility for the breach. Harold Rogers, Chief Administrative Officer, was named interim CEO.
Founder's Apology: Bom Kim, Coupang's founder and chairman, issued his first public apology on December 28—more than five weeks after the breach was disclosed. Kim acknowledged the delay, saying he "initially believed it was best to communicate publicly and apologize only after all the facts were confirmed. In retrospect, this was poor judgment."
Tax Audit: South Korea's National Tax Service launched a special audit on December 22, deploying more than 150 tax officials to Coupang's headquarters and regional offices.
Parliamentary Hearings: The National Assembly scheduled two days of hearings beginning December 30. Notably, Kim Bom has declined to attend, citing prior commitments—a decision that has drawn additional criticism.
Class Action Lawsuits: Multiple U.S. law firms have filed securities class action suits against Coupang on behalf of investors, alleging the company failed to disclose material cybersecurity vulnerabilities.
Stock Impact
CPNG shares have declined 11.7% since the breach was disclosed, from $27.81 on November 17 to $24.55 as of December 29. The stock hit a post-breach low of $22.42 on December 22—the day the tax audit was announced—before partially recovering.
| Date | Event | Close Price | Change |
|---|---|---|---|
| Nov 17 | Pre-breach | $27.81 | — |
| Nov 18 | Breach disclosed | $27.64 | -0.6% |
| Dec 10 | CEO resigns | $26.06 | -6.3% |
| Dec 22 | Tax audit launched | $22.42 | -19.4% |
| Dec 29 | Compensation announced | $24.55 | -11.7% |
Trading volume has increased 27% on average since the breach disclosure, reflecting elevated investor attention and uncertainty.
Ask Fintool AI AgentFinancial Context
Despite the crisis, Coupang remains financially positioned to absorb the compensation costs. As of Q3 2025:
| Metric | Q3 2025 | Q4 2024 |
|---|---|---|
| Revenue | $7.08B | $6.05B |
| Net Income | $95M | $156M |
| Cash Position | $7.23B | $5.88B |
| Total Equity | $4.74B | $4.18B |
The $1.18 billion compensation represents approximately 16% of Coupang's $7.23 billion cash position. However, because the compensation is in vouchers rather than cash, the actual cash impact will be significantly lower—primarily representing foregone revenue and promotional discounts.
Ask Fintool AI AgentThe Bigger Picture
By headline dollar value, Coupang's compensation package dwarfs previous data breach settlements. But the comparison is misleading. Major U.S. settlements—Equifax's $575 million in 2019, T-Mobile's $350 million in 2022—were cash payments to affected consumers and regulatory bodies. Coupang's package is company scrip that requires continued engagement with the platform.
This structural difference explains why, despite announcing the largest nominal compensation in data breach history, Coupang faces intensifying rather than diminishing criticism.
What to Watch
Parliamentary Hearings (Dec 30-31): How lawmakers respond to Kim Bom's absence and whether additional regulatory actions are proposed
Customer Response: Account closures versus voucher redemption rates will signal whether the compensation restores or further erodes trust
Tax Audit Findings: The National Tax Service investigation remains ongoing and could surface additional compliance issues
Class Action Progress: U.S. securities litigation will test Coupang's disclosure practices around cybersecurity risks
Q4 Guidance: Management's forward commentary when Coupang reports Q4 results will reveal how deeply the breach has impacted customer acquisition and retention
Ask Fintool AI Agent