Coupang, listed on the New York Stock Exchange, was hit with a class-action lawsuit by U.S. shareholders over a personal data breach.
According to the U.S. District Court for the Northern District of California on the 20th (local time), shareholder Joseph Berry filed a class-action lawsuit against Coupang Inc., Chair Bom Kim, and Chief Financial Officer (CFO) Gaurav Anand.
The plaintiffs said Coupang recognized the large-scale personal data breach that occurred in November but failed to disclose it to U.S. securities authorities in a timely manner, causing losses to investors.
On Nov. 18, Coupang confirmed that a former employee retained access to internal systems after leaving the company and viewed about 33 million customer records without authorization. Under U.S. Securities and Exchange Commission (SEC) rules, corporations must disclose material cybersecurity incidents through Form 8-K within four business days of becoming aware of them, but Coupang did not submit the relevant report until Dec. 16.
The plaintiffs noted that Coupang took no action until media reports, despite not having received a disclosure delay waiver from the SEC. They also said Coupang mentioned security risks only in general terms in its second- and third-quarter reports this year and failed to disclose actual internal defects despite their existence.
Coupang's share price fell after the breach became known. It dropped 18% over the period, from $28.16 on Nov. 28 to $23.20 on Dec. 19.
According to the complaint, the class period runs from Aug. 6 to Dec. 16 this year. The plaintiffs argued that Coupang's management caused investor harm through false statements and information concealment and demanded damages and attorneys' fees.
This lawsuit is separate from the consumer class action over personal data damage and is based on U.S. federal securities law.
Meanwhile, a lobbying report released by the U.S. Senate showed that Coupang spent a total of $10.75 million (about 10.9 billion won) on lobbying from August 2021 through the third quarter of this year. Targets included the U.S. Congress, the Department of Commerce, the Office of the U.S. Trade Representative (USTR), and the White House.