How e-commerce platform Coupang is deeply integrated into South Koreans’ everyday life

SEOUL - The fate of South Korea’s largest e-commerce platform, Coupang, hangs in the balance after a devastating data breach that exposed nearly all of its 33.7 million user accounts, a crisis of exceptional weight given how embedded the platform is in the daily lives of millions.

Nearly three-quarters of the population are outraged by the cybersecurity lapse. But many are also conflicted over how to respond to a service that manages everything from groceries and daily essentials to late-night food orders and streaming entertainment.

Coupang’s deep entanglement

Founded in 2010, Coupang swiftly reshaped South Korea’s retail ecosystem with its next-day delivery service Rocket Delivery, fuelled by substantial investments from global backers such as SoftBank’s Vision Fund.

In 2024, Coupang’s US$30.3 billion (S$39.3 billion) in revenue cemented its lead over retail giants Shinsegae and Lotte Shopping.

Its unmatched logistics network highlights the extensive reach of its delivery services, with 228 logistics warehouses across the country, including all facilities operated by Coupang Logistics Service and Coupang Fulfillment Services, as at August.

The convenience of fast delivery has driven users to subscribe to Coupang’s monthly Wow membership, priced at 7,890 won (S$7), strengthening customer loyalty. As at the third quarter, Coupang reported 24.7 million active customers.

The membership service has helped anchor customers to Coupang’s ecosystem with added perks like free food delivery via Coupang Eats and access to Coupang Play. As at August, Coupang Eats had become the leading food delivery app in Seoul, while in October, Coupang Play ranked second among domestic platforms with 7.95 million monthly active users, behind only Netflix with 15.04 million.

This makes it all the more difficult for users to walk away from such a wide range of services overnight.

According to a 30-something office worker named Kim, the problem goes beyond just free delivery. “Next-day delivery is hard to give up, but so are free food delivery from Coupang Eats as well as Coupang Play, which now offers exclusive drama series and live sports,” the office worker said.

Experts see the data breach as indicative of structural weaknesses in platform-based models that prioritised rapid growth over internal controls.

“Loyal users may stay, but Coupang could lose some less frequent customers,” said one industry expert, adding that its fall from grace may allow rival platforms the chance to gain ground. Among them are Naver, whose artificial intelligence-powered platform has posted strong growth, and the strengthening partnership between Gmarket and AliExpress Korea.

Legal actions in progress

The breach exposed consumer data including names, phone numbers, e-mail addresses, shipping addresses and even delivery-specific details such as apartment entrance codes.

While Coupang maintains that more sensitive information, such as personal customs clearance codes, was not compromised, user anxiety remains high, with some opting to pursue legal action.

The first such case was filed on Dec 1, when Lawfirm Chung submitted a complaint to the Seoul Central District Court on behalf of 14 clients, seeking 200,000 won per person in privacy-related damages. The plaintiffs argue that the breach constitutes a serious violation of their right to informational self-determination.

“We began with a small, select group as a pre-emptive step, since lawsuits like this tend to take a long time,” said attorney Kwak Jun-ho, adding that the number of plaintiffs could grow going forward.

Other law firms, such as Jihyang Law and Lawpid Legal Services, are now recruiting participants for a class-action suit against Coupang. Jihyang Law, previously involved in lawsuits over data breaches at Homeplus, stated that it is seeking 300,000 won per person for emotional distress and potential secondary harm.

According to Mr Marijus Briedis, chief technology officer at NordVPN, Coupang’s data breach highlights that cybersecurity threats can be serious even when no financial information is exposed. “Names, phone numbers and e-mail addresses are highly valuable to cybercriminals and can be exploited for phishing, impersonation scams or even identity theft,” he said.

At a press conference on Dec 2, the Korea National Council of Consumer Organizations urged Coupang to swiftly implement protection and compensation measures for affected users while pressing the government to impose strict penalties on Coupang.

Under the Personal Information Protection Act, which allows for fines of up to 3 per cent of a company’s average annual revenue over the past three years, Coupang could face penalties of one trillion won. THE KOREA HERALD/ASIA NEWS NETWORK