A punitive damages class-action lawsuit against the U.S. parent company (headquarters) over Coupang's massive personal data leak will move forward in a U.S. court. The plan is to file a complaint with the U.S. District Court for the Southern District of New York, going beyond the Korean entity, to hold it responsible for security-related decision-making and security policies.
SJKP, the U.S. affiliate of Korean law firm Daeryun, said on the 8th (local time) at a press conference at its Manhattan, New York, office that it plans to file a consumer class-action lawsuit against Coupang's parent company, "Coupang Inc."
Earlier, on the 29th, Coupang announced that information from about 33.7 million Korean customer account had been leaked. The leaked personal data included names, emails, phone numbers, addresses, and some order information.
Coupang's Korean entity is 100% owned by Coupang Inc., a U.S.-listed company on Nasdaq. The founder and board chair Bom Kim holds more than 70% of the voting rights of the parent company, and Kim is a U.S. citizen.
Kim Guk-il, Daeryun's managing representative, said, "Coupang's headquarters is incorporated in the United States, and the board and management have overseen risk management and governance in the United States," adding, "The ultimate responsibility for security investment and internal controls also lies with the U.S. headquarters' board and top management."
◇ "Possibility of Coupang data leak damages overseas, including in the United States"
According to Kim, the complaint will include allegations of ▲ data breach ▲ consumer protection violations ▲ security duty violations. The initial filing will focus on consumer protection liability, with plans to later add issues such as violations of shareholder disclosure obligations.
Kim raised the possibility that victims emerged not only in Korea but also overseas. He said, "Coupang's parent company has acquired the U.K. e-commerce corporations Farfetch and others, holding user data in North America and Europe, and it is operating in Korea under the name R.LUX," adding, "It is highly likely that their information was also leaked during the system integration process."
He added, "We are currently securing victims in North America and Europe, and we plan to specify the global scope of damages in the complaint, including these individuals."
The class-action suit will proceed entirely on a contingency basis. SJKP and Daeryun will front the attorney fees and litigation expenses, and only in the event of a win or settlement will part of the amount be used to cover the expense. Victims will not pay upfront, and even if the case is lost, there will be no separate billing.
◇ "We will force disclosure of Coupang's internal documents through U.S. discovery"
Kim said the lawsuit will proceed independently in a U.S. court, separate from proceedings in Korea. While Korea focuses on compensating consumer damages, in the United States the core issues will be the governance realities of the listed company and violations of disclosure obligations, he said.
He explained, "Coupang's ultimate decision-making body is the U.S. headquarters, and because the board and management exercised key authority over security and risk investments, legal accountability in the United States is essential."
Kim unveiled a strategy to use the U.S. discovery (evidence disclosure) system. He said, "Once a U.S. lawsuit proceeds, the discovery process can compel the disclosure of sensitive internal documents such as the headquarters' board minutes, security investment decisions, and reporting structures," adding, "This will be the smoking gun in this case."
Meanwhile, on the 5th, Daeryun filed a criminal complaint with the Songpa Police Station in Seoul against Park Dae-jun, Coupang's CEO, and those in charge of and managing in-house personal data certification tasks, on charges of violating the Personal Information Protection Act and breach of duty. The complaint alleges that, as personal data processing managers and overseers, they neglected safety measures such as managing certification keys.