Criticism is growing that Coupang's poor internal controls are the fundamental cause of the data leak. In particular, as a former Chinese employee is being singled out as a key figure in the incident, some say management may have become lax amid an expansion of foreign employees and the activation of remote (work-from-home) arrangements.
According to industry sources on the 3rd, interpreters and translators working at Coupang number about 250 to 300, nearly triple from around 100 in 2021. Most are full-time, but some work under freelance contracts. Because the share of foreign employees is high, real-time interpretation and translation are essential to ensure smooth work and meetings.
Coupang has touted a "hybrid (Korea + global)" organization and has actively hired foreigners. According to the National Pension Service (NPS), as of this month Coupang's total head count stood at 12,203. Of those, foreign employees number around 1,000, reportedly exceeding 10%.
Coupang says it cannot disclose personnel information such as the total number of employees or the share of foreign staff. The company says personnel information is, in principle, confidential. In response to People Power Party lawmaker Kim Jang-kyom's request during a National Assembly inquiry the previous day for "hiring figures for Chinese nationals over the past five years," the company also said it "cannot disclose them."
While hiring of foreigners by domestic corporations, especially for information technology (IT) roles, is slowly increasing, the industry consensus is that it is still not common. A developer working at a domestic e-commerce company said, "Coupang has long been known for employing many foreign developers not only from China but also from India and the United States," adding, "Even across the broader IT industry, foreign developers are not common."
Coupang's interpreters and translators participate in meetings across a variety of business units—including IT as well as strategy, marketing, logistics, and finance—to provide simultaneous interpretation and handle translation of materials needed for work. Most are English interpreters and translators, but recently the number of Chinese interpreters and translators has also increased. As business in China and Taiwan has expanded in recent years, the number of employees who use Chinese has grown.
In particular, foreigners account for a significant share of managers (directors) who lead teams or departments. Coupang's rank structure is similar to Amazon's job level system, divided from L1 to L12. The higher the number, the higher the rank. At L7 and above—considered equivalent to director level, just below executive ranks at Korean corporations—Coupang has continued to recruit overseas talent by offering high salaries and benefits.
Kwon Heon-young, a professor at Korea University's Graduate School of Information Security, said, "Hiring employees of diverse nationalities and diversifying the work environment should mean that verification, including internal security systems, has been thorough," adding, "Using (foreign developers) without that premise is no different from saying a spy came to work."
Some also say the activation of remote (work-from-home) arrangements widened management gaps. Security gaps may have occurred in the process of allowing access to the internal network from outside the office. Coupang implements remote work at the discretion of department heads, and given the team and job characteristics of the employee at the center of the problem, it is possible remote work was liberal.
There have in fact been occasional cases of data leaks during work-from-home both in Korea and abroad. Recently at Taiwan's TSMC, former and current employees accessed the company's internal network while working from home, viewed confidential documents, and then attempted to leak them, prompting an investigation. At LG Display and Samsung Electronics, employees working from home were caught in 2021 and 2022, respectively, after accessing the internal network and attempting to leak secrets.
Professor Kwon said, "A series of recent information security incidents, including at Coupang, have become a problem because basic matters have been handled formally, the way they always were, without checks or training," adding, "A system must be built in which internal members recognize the importance of security themselves and leave it to experts."