Coupang CEO Resigns, a headline many in South Korea expected, but still signals a major moment for the country’s tech and e-commerce landscape. Coupang Corp. confirmed on Wednesday that its CEO, Park Dae-jun, has stepped down following a massive Coupang data breach that exposed the personal information of 33.7 million people, almost two-thirds of the country.
Park said he was “deeply sorry” for the incident and accepted responsibility both for the breach and for the company’s response. His exit, while formally described as a resignation, is widely seen as a forced departure given the scale of the fallout and growing anger among customers and regulators.
To stabilize the company, Coupang’s U.S. parent, Coupang Inc., has appointed Harold Rogers, its chief administrative officer and general counsel, as interim CEO. The parent company said the leadership change aims to strengthen crisis management and ease customer concerns.
What Happened in the Coupang Data Breach
The company clarified that the latest notice relates to the previously disclosed incident on November 29 and that no new leak has occurred.
According to Coupang’s ongoing investigation, the leaked information includes:
- Customer names and email addresses
- Full shipping address book details, such as names, phone numbers, addresses, and apartment entrance access codes
- Portions of the order information
Coupang emphasized that payment details, passwords, banking information, and customs clearance codes were not compromised.
As soon as it identified the leak, the company blocked abnormal access routes and tightened internal monitoring. It is now working closely with the Ministry of Science and ICT, the National Police Agency, the Personal Information Protection Commission (PIPC), the Korea Internet & Security Agency (KISA), and the Financial Supervisory Service.
Phishing, Smishing, and Impersonation Alerts
Coupang warned customers to be extra cautious as leaked data can fuel impersonation scams. The company reminded users that:
- Coupang never asks customers to install apps via phone or text.
- Unknown links in messages should not be opened.
- Suspicious communications should be reported to 112 or the Financial Supervisory Service.
- Customers must verify messages using Coupang’s official customer service numbers.
Users who stored apartment entrance codes in their delivery address book were also urged to change them immediately.
The company also clarified that delivery drivers rarely call customers unless necessary to access a building or resolve a pickup issue, a small detail meant to help people recognize potential scam attempts.
Coupang CEO Resigns as South Korea Toughens Cyber Rules
The departure of CEO Park comes at a time when South Korea is rethinking how corporations respond to data breaches. The government’s 2025 Comprehensive National Cybersecurity Strategy puts direct responsibility on CEOs for major security incidents. It also expands CISOs’ authority, strengthens IT asset management requirements, and gives chief privacy officers greater influence over security budgets.
This shift follows other serious breaches, including SK Telecom’s leak of 23 million user records, which led to a record 134.8 billion won fine. Regulators are now considering fines of up to 1.2 trillion won for Coupang, roughly 3% of its annual sales, under the Personal Information Protection Act. The company also risks losing its ISMS-P certification, a possibility unprecedented for a business of its size.
Industry Scramble After a Coupang Data Breach of This Scale
A Coupang Data breach affecting tens of millions of people has sent shockwaves across South Korea’s corporate sector. Authorities have launched emergency inspections of 1,600 ISMS-certified companies and begun unannounced penetration tests.
Security vendors say Korean companies are urgently adding multi-factor authentication, AI-based anomaly detection, insider threat monitoring, and stronger access controls. Police naming a former Chinese Coupang employee as a suspect has intensified focus on insider risk.
Government agencies, including the National Intelligence Service, are also working with private partners to shorten cyber-incident analysis times from 14 days to 5 days using advanced AI forensic labs.
Looking Ahead
With the Coupang CEO’s resignation development now shaping the company’s crisis trajectory, Coupang faces a long road to rebuilding trust among users and regulators. The company says its teams are working to resolve customer concerns quickly, but the broader lesson is clear: cybersecurity failures now carry real consequences, including at the highest levels of leadership.
