Coupang faces possible business suspension after massive data breach

The government is signaling that it may suspend Coupang’s operations following a massive customer data breach affecting 33.7 million users of the U.S.-listed e-commerce giant, amid criticism of the company’s tepid response to the incident.

During a televised interview on Friday, Fair Trade Commission (FTC) Chairperson Ju Biung-ghi said “the possibility is open” regarding the suspension of Coupang’s operations in Korea.

“The authorities will first determine whether consumers are at risk of suffering or have actually suffered financial losses,” Ju said. “If Coupang is found to have failed to implement adequate measures to remedy the damage, a suspension of its operations can be imposed.”

His remarks came after the FTC, the Ministry of Science and ICT, the National Intelligence Service, police and other government units launched a joint task force to investigate the Coupang data breach on Thursday. The task force will work alongside existing investigators to examine the cause of the breach, measures to protect users and possible regulatory actions against the company including the suspension.

“The breach was a fundamental issue that threatens the daily lives of the public,” Deputy Prime Minister and Minister of Science and ICT Bae Kyung-hoon said while launching the task force.

The government’s hardline stance came in response to the company’s widely criticized handling of the incident.

During a National Assembly hearing on Wednesday, Coupang Corp. interim CEO Harold Rogers said, “The data that was leaked in this incident is not considered highly sensitive, and so there’s no requirement for us to file with the SEC (U.S. Securities and Exchange Commission) for the incident.”

Kim Bom-suk, also known as Bom Kim, chairman of Coupang Inc., has remained silent despite repeated calls from Korean lawmakers to appear and answer questions regarding the incident.

The government could suspend Coupang’s operations through a number of legal actions. The Act on the Consumer Protection in Electronic Commerce allows the FTC to temporarily suspend a business operator if a personal data leak is confirmed, if consumers have suffered or are at risk of suffering financial losses due to misuse of their information and if the operator is found to have failed to take necessary measures to remedy the losses.

However, industry officials said such a move would be difficult, as there have been no findings confirming that Coupang engaged in illegal conduct. In addition, past cases in which the Fair Trade Commission suspended business operations largely involved small online platforms where consumer harm was found to be intentional.

Instead, the act stipulates that authorities should impose fines, rather than suspend operations, when a business suspension could cause greater harm to consumers and the market. Given the large number of merchants operating on Coupang’s platform, industry officials noted that financial penalties are more likely.

An employee walks past the Coupang logo at the company’s logistics hub in Seoul, Wednesday. Yonhap

On the other hand, the Ministry of Land, Infrastructure and Transport could suspend Coupang’s operations by revoking or suspending its license as a parcel delivery operator.

However, this would also require clear evidence that Coupang’s in-house delivery unit, Coupang Logistics Service, committed serious legal violations and that those violations posed risks to human life or public safety.

The government’s current stance is widely accepted as political pressure on Coupang’s handling of the incident.

“The government’s moves are seen as a rhetorical signaling that authorities are taking the issue very seriously and reviewing all possible regulatory options,” an industry official said. “They also reflect growing dissatisfaction with Coupang’s lukewarm response and its insensitivity to mounting public uproar.”