Members of a committee fighting for countermeasures to protect delivery workers from overwork hold a rally in front of the Korean National Police Agency calling for the punishment of Coupang founder Kim Bom-suk over an industrial accident in Seoul, Tuesday. Yonhap
What should have remained a serious but straightforward investigation into a customer data breach is rapidly veering off course. Coupang's recent handling of its data leak has transformed a matter of corporate accountability into a broader controversy involving government authority, public trust and even Korea-U.S. relations. At the center of this unfortunate episode is Coupang's own arrogance and its deeply inappropriate attempt to control the narrative while official investigations are still ongoing.
On Thursday last week, Coupang announced that the actual damage from the breach was "minimal," asserting that no customer data had been transmitted to third parties and that information from only about 3,000 accounts had been copied by a former employee. This unilateral declaration came while police and a joint public-private investigation team were actively examining the case. Coupang is not an independent arbiter in this matter; it is the very subject of the investigation. For a company in such a position to present its own conclusions as though they were authoritative findings is improper, regardless of whether those claims ultimately prove true.
The timing made matters worse. Coupang released its statement just minutes before an emergency meeting convened by the presidential office, without prior consultation or coordination. This move was widely seen and described as a sort of "self-issued pardon," undermining the integrity of the investigative process and signaling disregard for public institutions. If Coupang was confident in its internal findings, the appropriate course of action would have been to submit them quietly to investigators and await official conclusions. Acting otherwise only fuels suspicion.
Equally troubling is Coupang's apparent effort to reframe the situation as a trade or diplomatic issue. Several conservative U.S. political figures, including a former national security adviser from the Trump administration, have publicly criticized the Korean government, suggesting that its scrutiny of Coupang amounts to unfair targeting of American technology firms. This framing is misleading. Coupang derives more than 90 percent of its revenue from Korean consumers and operates primarily within Korea's legal and commercial ecosystem. Investigating a data breach involving tens of millions of Korean customers is not protectionism; it is a basic function of governance.
Coupang's insistence on emphasizing its U.S. corporate identity whenever accountability arises in Korea rings hollow. One cannot simultaneously benefit from Korea's market, infrastructure and consumers while rejecting the authority of its laws and institutions. Such a selective approach erodes trust among not only customers but also regulators and the broader public.
This posture is further reinforced by the behavior of Coupang's de facto owner and chairman, Kim Bom-suk, who holds U.S. citizenship and has repeatedly avoided appearing before Korea's National Assembly when summoned. In the United States, congressional hearings involving major tech firms and their top decision-makers are routine in cases involving data breaches or public harm. It is difficult to argue convincingly that Korea should be held to a lower standard of democratic oversight.
That said, the Korean government must also ensure that its response remains measured, professional and grounded firmly in law. Concerns have been raised that the investigation seems slower and less decisive than Coupang's own announcements, creating the impression that public authorities are being led by a private company's narrative. This perception must be corrected. A prompt, transparent and evidence-based investigation is essential to restoring public confidence.
At the same time, this issue should not be inflated into a geopolitical confrontation. The United States would do well to exercise restraint. Korea's investigation is neither anti-American nor discriminatory; it reflects global norms on data protection and corporate responsibility. Turning regulatory scrutiny into a trade dispute only distracts from the real issue and risks unnecessary diplomatic friction.
Ultimately, this situation is about trust. Coupang's dismissive tone, unilateral declarations and apparent reliance on political pressure from abroad have deepened public skepticism. A company that handles vast amounts of personal data must act with humility, transparency and respect for due process. The Korean government must respond firmly but calmly, and the United States should respect Korea's sovereign right to enforce its laws.
If Coupang continues down its current path, it will find that legal maneuvering and lobbying cannot repair what has been damaged most: the confidence of the people who made its success possible.