Bom Kim, the chair of Coupang, which leaked personal information on a massive scale, issued an apology. It is the first apology to come about a month after it was revealed on the 29th that the number of consumer accounts leaked from Coupang was nearing 30 million.
On the 28th, Kim said in the apology, "I humbly accept the reproach," adding, "We will carry out a thorough overhaul."
Kim's apology came after he submitted a written statement explaining his absence for the National Assembly hearing set to begin on the 30th, which the legislature rejected. This time as well, Kim submitted a written statement explaining his absence for the hearing, saying, "I have another commitment scheduled on the hearing date, so it is difficult to attend." On the 17th, he said, "As the CEO of a global company operating in about 170 countries worldwide, I have official business engagements." Ninety percent of Coupang's total revenue comes from Korea.
As for the late apology, Kim said, "Amid rampant misinformation and with the situation changing very quickly, we judged it best to communicate publicly and apologize after all the facts were confirmed."
Coupang said in its own announcement on the 25th that only around 3,000 pieces of personal information were actually leaked and that there was no external leak to third parties. The scale differed greatly from a month ago, when it was said that about 30 million pieces of information had been leaked.
Kim also emphasized in the apology that "Coupang is continuing to cooperate with the government." This was a position statement in response to criticism that Coupang's announcement on the 25th was an uncoordinated self-investigation not consulted with the police and the Ministry of Science and ICT (MSIT), which are leading the inquiry.
In response, Coupang said it had cooperated with the government and made public a log of events. However, the "government" referred to here was reportedly not the police or the Ministry of Science and ICT (MSIT) but the National Intelligence Service (NIS), which recently joined the pan-government task force. The NIS said it "only consulted on business matters and did not issue instructions."
Below is the full text of Chair Bom Kim's apology.
Because of the personal information leak that occurred at Coupang, we have caused great concern and inconvenience to customers and the public.
As Coupang's founder and chair of the board, I sincerely apologize on behalf of all Coupang employees. I am devastated by the current situation in which many in the public are disappointed.
Due to this data leak caused by our responsibility, many people felt fear and anxiety that their personal information was not safe. We also caused great frustration and disappointment because we failed to communicate clearly and directly from the beginning of the incident. I sincerely apologize for the inadequate initial response and lack of communication right after the incident.
Above all, my apology was late. I fully supported deploying all resources and personnel to resolve the situation and prevent any secondary harm to our customers. Rather than apologizing only in words, Coupang sought to act and deliver tangible results and to take every possible measure that serves the best interests of the people of the Republic of Korea. Also, amid rampant misinformation and with the situation changing very quickly, I judged it best to communicate publicly and apologize after all the facts were confirmed.
In hindsight, that was the wrong judgment. While Coupang worked day and night to resolve the situation, I, too, should have conveyed deep regret and a heartfelt apology from the outset. Since recognizing the initial circumstances of the data leak, I have felt nothing but a heavy heart.
Today, Coupang shares the progress of the personal information leak incident and our determination to make reforms.
Coupang in Korea and its employees made it the top priority to contain the situation out of a heavy sense of responsibility that we must immediately block any "possibility of secondary harm" in order to restore customer trust right after the incident.
After sustained daily efforts over the past month, Coupang recently completed the retrieval of 100% of the leaked customer information through cooperation with the government. We secured the leaker's statement and recovered all storage devices. In this process, it was confirmed that the customer information stored on the leaker's computer was limited to 3,000 items, and it was also confirmed that this had not been distributed externally or sold. The investigation is ongoing, and we will provide updates as additional matters are confirmed.
From the early stages of the investigation, Coupang has fully cooperated with the government. Immediately after the incident, we identified the leaker and notified the government, swiftly recovered the equipment used and the leaked information through cooperation with the government, and submitted all related materials to the authorities. Throughout this process, even as much misinformation spread, we strictly complied with the government's request for "confidentiality."
We believed that retrieving 100% of the customer personal information stolen by the leaker was everything in "restoring customer trust." In focusing on that, we fell short in communicating with the public. We apologize to everyone who pointed out the communication problems and humbly accept the criticism and reproach.
Even after successfully retrieving and securing the leaked personal information, we recognize with utmost seriousness our failure to prevent the initial data leak, and we deeply apologize for all the concerns and inconvenience caused.
We will rebuild trust from the beginning. Centered on the board, Coupang in Korea will draw up a compensation plan for Korean customers who experienced inconvenience and implement it swiftly. Furthermore, to ensure that mistakes like this personal information leak never happen again, we will comprehensively overhaul Coupang's information security measures and investments. We will fulfill our responsibility so that necessary investments and improvements are not delayed.
We will take this failure as a lesson and a springboard to build a world-class cybersecurity system. We will thoroughly identify the causes of the security gap and innovate our security systems. When the government's final investigation results are released, we will create and implement recurrence prevention measures based on those findings.
Your trust and expectations are the reason Coupang exists. Taking this incident as a turning point, Coupang will carry out a thorough self-reform and never stop striving to deliver the world's best customer experience.
Once again, we apologize to the public.