o Coupang, the compromised data included names, phone numbers, email addresses, delivery addresses and some order details. The company has emphasised that payment information, credit card details and login credentials were not exposed. Even so, for consumers, the breadth of the leaked data is enough to enable phishing schemes, identity fraud and long-term misuse. Authorities believe the breach began much earlier than the company initially suggested. Unauthorised access to delivery-related personal data appears to have been conducted through overseas servers starting as early as June 24, remaining undetected for months. A report submitted to the Korea Internet & Security Agency shows that suspicious activity was detected on November 6, a 12-day gap that is now drawing scrutiny from regulators and lawmakers alike. Insider trading questions complicate the fallout The controversy deepened when filings with the US Securities and Exchange Commission revealed that two senior Coupang executives sold significant amounts of company stock shortly after the breach occurred but before its full scope was disclosed to the public. Coupang’s chief financial officer, Gaurav Anand, sold more than 75,000 shares on November 10, generating about US$2.19 million. A week later, Pranam Kolari, then a senior vice president overseeing search and recommendations, sold nearly US$772,000 worth of shares before resigning on November 14. Both transactions occurred after unauthorised access had taken place, but before Coupang publicly acknowledged the scale of the breach. While there has been no formal finding of wrongdoing, the timing has intensified scrutiny over whether executives may have acted on material nonpublic information Leadership change under pressure As public anger mounted, Park Dae-jun, the chief executive overseeing Coupang’s Korean operations, resigned, citing responsibility for both the breach and shortcomings in the company’s response. Harold Rogers, the chief administrative officer and general counsel of Coupang in the US, was appointed interim CEO. Coupang’s US parent company currently owns 100 per cent of the Korean unit and derives nearly all of its revenue from the domestic market.  Notably absent from public proceedings, however, is founder and board chair Kim Bom, who controls around 70 per cent of Coupang’s voting rights. Kim has declined to appear before lawmakers, citing overseas business commitments. His absence, along with that of other former executives, has drawn criticism from opposition lawmakers, who have vowed to pursue legislation aimed at preventing executives of large platform companies from avoiding parliamentary accountability. Consumers uneasy, not fleeing  Despite the severity of the breach, Coupang’s user metrics suggest that trust erosion has not yet translated into mass abandonment. In fact, daily active users briefly surged to an all-time high of nearly 18 million immediately after the breach announcement, driven largely by customers logging in to check their accounts, change settings or deactivate services. By early December, daily usage had stabilised around 16 million – roughly in line with pre-breach levels. Weekly active users also rose modestly. While rivals including Gmarket, Naver and Market Kurly recorded slight traffic increases, there has been no clear evidence of a large-scale migration away from Coupang. Yet analysts caution against interpreting stable usage as a clean bill of health. Data breaches rarely inflict immediate damage; their true costs often surface over time through regulatory penalties, legal settlements and rising compliance burdens. The incident has also heightened public sensitivity to data security, just as foreign e-commerce players, particularly Chinese platforms, are attempting to expand in Korea. With police identifying a former Chinese employee of Coupang as a key suspect, privacy concerns may become a higher barrier for overseas competitors, even as domestic players face stricter scrutiny of their own practices. Further reading: Inside Coupang’s profit streak and the strategy powering its expansion.