Coupang officially reported to the U.S. Securities and Exchange Commission (SEC) a personal data leak affecting 33.7 million people.
According to the SEC on the 17th, Coupang Inc., Coupang's parent company, filed an 8-K report on the 16th titled "Item 1.05. Material cybersecurity incident." An 8-K is a disclosure that promptly informs investors and stakeholders when material changes occur at corporations.
In the report, Coupang said it "activated its incident response processes after discovery (of the incident) and disabled the threat actor's unauthorized access." It added, "We reported the incident to the relevant regulatory and law enforcement authorities in Korea, and we also notified customers whose data might have been accessed."
Coupang emphasized that "operations were not materially interrupted," but added that "the incident exposes us to various risks that could result in significant financial losses, including revenue loss, remediation measures, regulatory fines, and litigation."
The disclosure also included the resignation of Park Dae-jun, former head of Coupang Korea. Coupang Inc. said, "The former chief executive of Coupang Korea resigned on the 10th, and Harold Rogers, Coupang Inc.'s general counsel and chief executive, is serving as acting head."
The SEC filing came ahead of a National Assembly hearing on Coupang. Bom Kim, the chair of Coupang Inc., submitted a written statement explaining his absence due to overseas travel, and acting head Rogers appeared.