Coupang’s large knowledge breach in South Korea has now develop into a geopolitical flashpoint as a rising variety of the corporate’s U.S. traders take authorized motion in opposition to the South Korean authorities.
What started as a regulatory investigation into knowledge safety failures has expanded right into a broader dispute over alleged unfair remedy of the U.S.-headquartered firm.
Whereas Coupang — which operates in South Korea, Taiwan, and Japan — is sometimes called the “Amazon of South Korea,” its worldwide headquarters are literally in Seattle, Washington.
The corporate’s traders at the moment are searching for worldwide arbitration below the Korea–U.S. Free Commerce Settlement (FTA). On Jan 23, 2026, U.S. funding corporations Greenoaks and Altimeter filed a notice with South Korea’s Ministry of Justice, saying they suffered losses from what they characterised as the federal government’s discriminatory investigation into the info breach. They stated they plan to pursue investor–state dispute settlement (ISDS) arbitration below the Korea–U.S. FTA.
South Korea’s Ministry of Justice said Thursday that three extra traders together with Abrams Capital, Sturdy Capital Companions, and Foxhaven Asset Administration have now joined the case. They’re alleging the federal government acted unlawfully towards the e-commerce firm.
To recap the incident: In December, Coupang disclosed that almost 34 million Korean prospects’ private data had been leaked in a knowledge breach that had been happening for greater than 5 months. The breach concerned buyer names, e mail addresses, telephone numbers, delivery addresses, and sure order histories, the corporate stated.
Whereas different tech breaches in Korea resulted in much less extreme penalties, Coupang has confronted extraordinary authorities strain. The federal government reportedly threatened massive fines, suspension of operations, and travel bans for executives whereas, Coupang’s traders allege, trying to block public communication and misrepresenting the breach.
Techcrunch occasion
Boston, MA
|
June 23, 2026
Korea’s Private Info Safety Fee (PIPC) stated that greater than 30 million Coupang accounts have been uncovered — however the info level to only 3,000 affected accounts, based on Coupang’s traders.
In December, South Korea’s authorities and the PIPC said the Coupang breach was critical sufficient to justify greater fines. Below present legislation, penalties are capped at 3% of income, greater than $800 million for Coupang, based on the U.S. traders, however some lawmakers have proposed elevating the restrict to 10% and making use of it retroactively.
Even when the brand new legislation passes, it wouldn’t apply to Coupang, because the breach occurred earlier than the foundations modified. However a Democratic Social gathering lawmaker within the nation advised imposing punitive fines, by way of both new laws or a particular parliamentary act, and PIPC backed the thought, per news reports. South Korean President Lee Jae Myung additionally publicly called for heavy penalties, suggesting the corporate had not confronted enough penalties.
Based mostly on the notice of intent filing launched by the traders’ authorized advisor, the traders argue that the South Korean authorities’s actions represent an “unprecedented assault” on Coupang. Within the submitting, they argue:
“The Authorities’s unprecedented assault on a U.S. firm to learn its Korean and Chinese language opponents is an egregious violation of the Treaty, ideas of worldwide legislation, and the historic partnership between Korea and the US….. the Authorities’s surprising conduct has left the U.S. traders with no alternative. If the Authorities doesn’t instantly stop its assaults in opposition to Coupang, totally restore the corporate’s capability to function its enterprise, and completely finish its longstanding marketing campaign of discrimination in opposition to the corporate, then the U.S. traders can be pressured to hunt billions of {dollars} in damages from Korea to guard their investments in Coupang and treatment the Authorities’s ongoing Treaty violations, together with attemped expropriation.”
The submitting is a preliminary, pre-litigation step. South Korea’s Ministry of Justice is now reviewing the discover of intent, which kicks off a mandatory 90-day consultation period earlier than formal arbitration can start.
Coupang, Abrams Capital, and Foxhaven Asset Administration didn’t reply to TechCrunch’s request for remark. Sturdy Capital Companions couldn’t be reached.
In keeping with the traders’ submitting, South Korea’s dealing with of information breaches has been inconsistent, particularly citing different latest knowledge breaches in South Korea, together with KakaoPay, SK Telecom, Upbit, and Alibaba’s AliExpress.
KakaoPay reportedly transferred 54 billion buyer information to Alipay Singapore, but confronted only a $10 million fine and a CEO warning, whereas SK Telecom was fined $91 million after an enormous SIM card breach. Upbit and AliExpress additionally noticed minimal authorities motion. The traders say these examples underscore the stark distinction with the federal government’s response to Coupang.
South Korea’s Ministry of Science and ICT stated Wednesday that the Coupang knowledge breach was carried out by a former worker who had labored on the corporate’s authentication techniques and was conscious of vulnerabilities in each the authentication framework and key administration system.
The Ministry alleges that Coupang did not report the breach to the Korea Web & Safety Company (KISA) inside 24 hours and didn’t totally implement a November 2025 knowledge preservation order, resulting in the deletion of key internet and app entry logs. The ministry has referred the matter to investigators and ordered Coupang to submit a prevention plan by February 2026, with compliance monitored by way of July.
Coupang released a statement, saying that the worker, a Chinese language nationwide, accessed knowledge from over 33 million accounts however retained solely about 3,000 earlier than deleting it, and that no delicate information equivalent to fee knowledge, passwords, or authorities IDs was accessed.
Coupang additionally changed its CEO, Dae-jun Park with Harold Rogers, its U.S. father or mother’s prime lawyer, in December.
Adam Farrar, senior affiliate at CSIS and senior geoeconomics analyst for APAC at Bloomberg, stated on Tuesday’s Impossible State podcast that what started as a significant knowledge breach involving Coupang has grown right into a broader situation between the US and South Korea.
Farrar stated that the case is amplifying broader U.S. claims of unfair remedy towards American know-how corporations, elevating commerce and tariff dangers for South Korea as the U.S. Congress turns into more and more engaged.
“The huge knowledge breach [by Coupang] led to a collection of investigations within the Nationwide Meeting and a few very combative backwards and forwards with Coupang and a collection of executives over the previous a number of months,” Farrar stated within the podcast. “The extra dynamic right here is that Coupang, whereas driving nearly all of its earnings from Korea, is now a US-based firm that provides to the dynamic on each side, impacting how they’re perceived and seen.”
The problem extends past Coupang, elevating broader questions on whether or not South Korea is unfairly focusing on U.S. firms, Farrar continued.
Critics level to digital insurance policies they are saying favor home corporations, together with community utilization charges on content material suppliers like Netflix, Apple’s App Retailer and Google Play fee guidelines and knowledge localization necessities that restrict providers like Google Maps on nationwide safety grounds.
