[Editorial] Coupang Data Breach Continues to Escalate—Where Is Chairman Bom Kim?

The recent Coupang personal data breach has revealed not just irresponsibility, but a shocking lack of security awareness. The fact that a former Chinese employee was able to steal information using an authentication key that had not been deactivated is infuriating. There is simply no other way to describe it than a blatant disregard for customers.
The former employee in question freely accessed data and leaked information, while Coupang remained completely unaware as the situation spiraled out of control. If this personal data had been their own profits, they would never have managed security so carelessly. There is no way to know whether other staff members may have leaked information as well.
Personal data leaks are not just minor issues; they can be used for criminal activity. This year alone, losses from voice phishing (vishing) have reached nearly 1 trillion won. Had those in possession of personal data managed it properly, much of this damage could have been avoided. The starting point of vishing crimes in the Kingdom of Cambodia also traces back to stolen personal information.
Despite recent warnings from a series of data breaches at companies like Lotte Corporation and KT Corporation (KT), Coupang failed to even conduct internal checks. While external hacking is a concern, as seen in cases of bank embezzlement, this incident demonstrates that the greater threat often lies within. If the importance of personal data management had been recognized, there would have been at least some oversight of staff and security keys—but no such efforts were made.
Furthermore, if there were any sense of responsibility or seriousness about the incident, the top executive should have come forward to apologize and present follow-up measures. Yet Bom Kim, founder and chairman of Coupang, Inc., has remained completely silent. Even though he has stepped down from the board and as a registered director, he still holds the highest position in the company’s governance structure. Instead of shifting all responsibility to the Korean representative, he should appear in public and explain the company’s response.
Why are there so many personal data breaches and such a high rate of vishing crimes in South Korea? It points to a dangerously complacent attitude among companies and organizations that collect and manage personal information. Victims are now pursuing lawsuits, and the Office of the President of South Korea has announced it will seek punitive damages against Coupang.
First and foremost, penalties and compensation for data breaches must be significantly strengthened. While punishment is not a cure-all, it is necessary for prevention. Both the government and companies must establish airtight measures, including institutional reforms, to prevent further data leaks.
With the rapid pace of digitalization, individuals’ personal information is now exposed to the point that almost nothing remains private. Hacking techniques are becoming more sophisticated, leaving investigative agencies nearly powerless. Crime cannot be stopped by management or investigation alone. Above all, what matters most is a heightened awareness of security. From now on, both companies and the government must invest more time and resources to shed South Korea’s reputation as the world’s most frequent victim of hacking.