A massive data breach at Coupang has exposed the personal information of 1.65 million self-employed merchants, sparking major concerns at a National Assembly subcommittee hearing on hacking and privacy invasions.
Expert Testimony Highlights Vulnerabilities
Professor Kim Seong-joo from Goryeo University’s Information Protection Department warned that self-employed workers face heightened risks from data leaks compared to full-time employees. “Even full-time positions at companies leak information through business operations, but analysis results damage trust externally, and self-employed workers lack institutional safeguards,” Kim stated during the January 6 hearing in Seoul.
The subcommittee, chaired by Representative Lee Ha, confirmed Coupang’s leak of 1.65 million personal records belonging to merchants. Participants criticized the company’s handling of self-employed partnerships as a severe breach of trust.
Key Participants and Absences
The hearing included experts such as Choi Woo-hyuk, a network security researcher; a director from the Korea Internet & Security Agency (KISA); and Park Se-joon, representative of Tiori. However, Coupang’s head of inspection cooperation did not attend, citing ongoing discussions with government officials on result disclosures.
Attendees demanded a full accounting of the self-employed data breach. The Supreme Privacy Commission chair noted discrepancies: “On December 25, only 3,000 records were reported leaked, but now it’s 1.65 million as of the 5th.” The chair added, “Publicly reflecting company announcements leads to losses, and even with results, citizens need reliable information to act on.”
International Comparisons and Calls for Stronger Laws
Choi emphasized global standards: “If Amazon leaked massive U.S. personal data, the government would intervene. Leaks here stem from national security gaps, not just company issues.” He highlighted, “The U.S. restricts foreign access to sensitive citizen data through laws and enforcement, unlike in Korea.”
The subcommittee accepted Coupang’s admission of the 1.65 million leak. Initially, on December 25, Coupang claimed only 3,000 actual external leaks out of 34 million records, with the rest secured on domestic servers. Subsequent findings escalated the total, further eroding trust.
Government and Regulatory Responses
Officials urged unified public disclosures. Choi Woo-hyuk, policy chief at the Communications Commission, stated, “SK Telecom and KT accurately announced personal data leak results monthly. Coupang should unify its base and properly manage workers.”
Investigations continue with government, assembly, and international partners. U.S. House representatives previously briefed Coupang’s Korea logistics head on concerns, requesting data from the Korean government. For the first time, U.S. lawmakers directly addressed Korea on tech sector job impacts.
The Korean government maintains U.S.-related leaks are unrelated to Coupang. Current efforts focus on verifying breach scope through precise investigations, data access, and protective measures.
Ongoing Actions and Timeline Shifts
Coupang extended its Baro Investigation Task Force from January 27 to February 2. Vulnerabilities during searches allowed one-time external exposures. U.S. oversight persists, with demands for joint research and privacy protections.
