Coupang Inc Claims "2,609 Accounts Accessed for Entrance Password... Omitted from Investigation Report"

Coupang Inc., the parent company of Coupang, publicly objected on February 10 to the findings of a joint government–private sector investigation that concluded the scale of its personal data leak reached 150 million records. The company argues that the investigation team omitted key verification results.

The Ministry of Science and ICT announced the results of the joint investigation into the Coupang breach at the Government Complex Seoul on the same day. According to the investigation team, the personal data leaked by a former employee of Coupang exceeds 33 million records, and the information such as delivery addresses that the perpetrator viewed amounts to 150 million records. The team said that the exact size of the leak will be finalized by the Personal Information Protection Commission, but stressed that there were more than 140 million instances of "access" and stated that "access means leakage."

In response, Coupang Inc. issued a statement that afternoon, arguing that "the joint investigation team’s report states that the former employee made 50,000 queries related to the shared entrance access code, yet omits the verification result that these queries were in fact limited to access to 2,609 accounts." This is being interpreted as expressing concern that the number of queries could be mistaken for the actual scale of the information leak.

Coupang headquarters. Yun Dongju, Reporter

View original image

Coupang Inc. stated, "The joint investigation team and the Personal Information Protection Commission also possess forensic analysis results showing that no personal information of Korean users was stored on the recovered devices," adding, "All forensic evidence is fully consistent with the former employee’s sworn confession that he stored and then deleted user data from approximately 3,000 accounts." The company maintains that its own investigation result, which concluded that "user data from 3,000 accounts was stored," remains unchanged.

Regarding the possibility of secondary damage, the company also said, "No evidence of any secondary damage resulting from the Coupang personal information incident has been identified," citing "the latest analysis by independent security specialist firm CNS." It added that multiple independent internet security firms are providing Coupang with weekly monitoring results covering the dark web, deep web, Telegram, Chinese messenger platforms, and others. The joint investigation team likewise stated at the briefing that no secondary damage has yet been confirmed.

Coupang Inc. further said, "The former employee did not access highly sensitive customer information such as payment and financial data, user IDs and passwords, or government-issued identification," noting that "this has been verified through security logs from Akamai, our cloud platform provider, and those logs were provided to the joint investigation team and the Personal Information Protection Commission on December 8, 2024." The statement concluded, "Coupang looks forward to all the facts being clearly brought to light."

Coupang had already announced on December 25 last year that there was no evidence the suspect had transmitted personal information externally, which sparked controversy over a so-called "self-investigation." The company is now highlighting that the government’s findings are consistent with its own internal investigation.

Hot Picks Today

As Samsung Falters, Chinese DRAM Surges: CXMT Returns to Profit in Just One Year

• "Most Americans Didn't Want This"... Americans Lose 60 Trillion Won to Soaring Fuel Costs
• Man in His 30s Dies After Assaulting Father and Falling from Yongin Apartment
• Samsung Union Member Sparks Controversy With Telegram Post: "Let's Push KOSPI Down to 5,000"
• "Why Make Things Like This?" Foreign Media Highlights Bizarre Phenomenon Spreading in Korea

Meanwhile, some observers interpret Coupang Inc.’s decision to issue a statement on this day as being related to its upcoming appearance before the U.S. House Judiciary Committee and the possibility of litigation in the United States. On February 5 (local time), the U.S. House Judiciary Committee, claiming discrimination by the Korean government in connection with the Coupang incident, issued a subpoena to Harold Rogers, Coupang’s interim representative. Rogers is scheduled to appear before the U.S. House Judiciary Committee on February 23.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.