Coupang CEO faces legal action for skipping South Korean hearing on data breach
Sign up now: Get insights on Asia's fast-moving developments
Personal information from 33.7 million Coupang customer accounts were exposed via unauthorised data access.
PHOTO: REUTERS
SEOUL – The billionaire founder of South Korea’s Coupang failed to appear before a parliamentary hearing on Dec 17 about the e-commerce giant’s recent data breach
Coupang chief executive and chairman Bom Kim declined to attend the hearing, citing his overseas residence and commitments as head of a global company operating in more than 170 countries.
“Chairman Bom Kim’s claim that he cannot attend because he is travelling abroad and is a global CEO is, in my view, an act that truly mocks the public and delivers despair to global investors,” said lawmaker Choi Hyung-du.
“Even Meta’s Mark Zuckerberg and Amazon’s Jeff Bezos – heads of companies larger than Coupang – did not refuse to appear before Congress hearings,” he said.
South Korea’s National Assembly later decided to file a legal complaint against the Coupang founder and former chief executive officers under a law that compels witnesses to attend hearings and make themselves available for investigations.
Under the law, people can be fined or imprisoned for refusing testimony.
Yelling in Parliament
At the hearing, Mr Harold Rogers – the interim chief executive of the company’s South Korean unit Coupang Corp – who was standing in for Mr Kim was frequently shouted at by the lawmakers.
Mr Rogers had to repeatedly request to be allowed to finish his answers.
“I’m in communication with our board of directors, including with our chairman,” Mr Rogers said, but added “I am the decision maker in Korea.”
The personal data of more than 33 million Coupang customers was leaked in a breach believed to have started on June 24 through overseas servers, though the company did not learn of the problem until Nov 18.
Shares in New York-listed Coupang, which is roughly 17 per cent owned by Japanese tech investment group SoftBank, have slumped 17 per cent since it revealed the breach at its South Korean unit late in November. The South Korean unit accounts for the vast majority of its revenue.
Mr Rogers said that under US Securities and Exchange Commission rules, the breach did not count as a material breach as the information leaked is not considered highly sensitive.
The breach would not violate US privacy law, he added.
The data included customers’ names, home and email addresses, phone numbers as well as their purchase history.
A dominant firm
Coupang dominates South Korea’s e-commerce market, keeping rivals in check with its competitive prices and various benefits such as same-day delivery, video streaming and food delivery services. It has 24.7 million active users, nearly half of the country’s population.
That dominant position is expected to help Coupang weather the negative publicity brought from the breach.
Coupang is “structurally advantaged in the Korean e-commerce market, effectively operating in a market with limited direct competition due to its scale, logistics integration, and consumer lock-in,” Nomura analysts said in a note to clients this week.
The company is, however, likely to be hit with a hefty fine.
Under current South Korean law, companies that fail to implement adequate data protection measures can be fined up to 3 per cent of revenue, which would translate to a penalty of more than one trillion won (S$873 million) for Coupang.
In the wake of the breach, South Korean President Lee Jae Myung has called for increased penalties, and on Dec 17, lawmakers introduced a Bill to raise fines to up to 10 per cent of revenue for massive data breaches. REUTERS
