It has been nearly a month since Coupang reported a large-scale personal data leak, but it still has not presented a specific compensation plan. That contrasts with major corporations that suffered personal data breaches this year, which released compensation measures an average of 4.2 days after reporting.
According to the industry on the 15th, Coupang improved internal procedures after reporting the personal data leak, including streamlining the member withdrawal process. However, it still has not presented a monetary compensation plan to retain departing customers or a practical relief plan for damages.
Most major corporations that reported personal data breaches to the Korea Internet & Security Agency (KISA) this year brought out compensation cards in less than a week.
Most notably, SK Telecom reported a SIM hacking incident on Apr. 20 and released a compensation plan on the 27th of the same month centered on free SIM replacements.
Albamon reported a member information leak on May 1 and offered a compensation plan for victims the next day. Lotte Card also promised compensation three days after reporting that its payment information server was hacked on Aug. 1. In addition, YES24 announced a compensation plan a week after reporting, and KT did so three days after its hacking incident. Only GS Retail did not separately present a compensation plan.
Coupang reported the personal data leak on the 18th of last month. On the 3rd of this month, former Coupang CEO Park Dae-jun appeared at the National Assembly and said, "We will actively review (compensation) for victims," but no additional action has followed.
Early in the crisis, Coupang sought to minimize responsibility by labeling the incident as a "disclosure" rather than a "leak" of personal data and by stressing that "no secondary damage has been confirmed."
An industry official said, "It appears to be a strategic move to reduce legal risk," but also noted, "Ultimately, restoring trust in corporations must start with transparent acknowledgment of responsibility and appropriate compensation."
In the industry, there is also speculation that the so-called "Coupang hearing" could be a turning point. The National Assembly's Science. ICT. Broadcasting. and Communications Committee will hold a hearing on the 17th regarding Coupang's large-scale personal data leak.
Harold Rogers, CoupangInc CAO & General Counsel, who was appointed interim CEO, is scheduled to attend.
However, CoupangInc Chair Bom Kim, former CEO Park Dae-jun, former CEO Kang Han-seung, and others submitted a written statement explaining his absence. With key management, including Kim, not attending, public opinion has already worsened, calling it a "toothless hearing."
A public affairs department official at a corporation said, "With the owner not attending the hearing, sentiment in the National Assembly and among the public is unfavorable," adding, "There is a possibility a compensation plan will be mentioned as a way to shift the narrative, but given the gravity of the matter, it is uncertain whether it will be effective."