Home > Business > Tech

Data protection agency tells Coupang to stop publishing unconfirmed information about data breach

Published: 14 Jan. 2026, 21:07

The Coupang logo is seen on a delivery truck at a Coupang logistics center in Seoul on Dec. 29, 2025. [YONHAP]

Korea’s data protection watchdog on Wednesday told e-commerce giant Coupang to stop publishing its own findings about a data breach that compromised the personal information of millions of users, warning that unverified statements could mislead users and undermine an ongoing official investigation.

The Personal Information Protection Commission (PIPC) said Coupang had disclosed information on its app and website that authorities have not confirmed through a formal probe.

The commission reviewed Coupang’s response to the breach and its compliance with improvement recommendations that the watchdog approved twice in December at a full committee meeting held earlier on Wednesday.

During the review, the PIPC took issue with Coupang's notice that was based on statements obtained through the company’s own contact with a former employee identified as the suspected source of the leak, even as the official investigation continued. The watchdog said Coupang presented those statements as if authorities had verified them.

The commission said such disclosures could complicate efforts to determine the exact nature of the leaked information and the scope of the damage, and could lead the public to misinterpret the situation. It added that the practice could amount to interference with the commission’s investigation and ran counter to the intent of its earlier resolutions calling for corrective action.

Coupang is currently under investigation over a data breach that the company reported last November as to have compromised the personal data of 33.7 million customers, including their names, emails, phone numbers and addresses.

The commission said earlier recommendations had been implemented only in a largely formal way and were insufficient. It ordered Coupang to take additional steps, including adding a function to its app and website that allows users to check whether their personal data was leaked and to promptly notify those whose information appeared on leaked delivery address lists.

The commission also warned that Coupang has repeatedly failed to submit requested materials or submitted them late, saying such conduct could constitute obstruction of an investigation and could be treated as an aggravating factor in any future sanctions.

This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.
BY HYEON YE-SEUL [[email protected]]