Light bulb Limited Spots Available: Secure Your Lifetime Subscription on Gumroad!

Feb 02, 2026 · 5 min read

Coupang CEO Questioned After 33.7 Million Customer Data Breach

South Korean police are investigating whether the e-commerce giant obstructed their probe. A laptop weighted with bricks was recovered from a river.

The acting CEO of South Korea's largest e-commerce company was questioned by police on Friday in connection with a data breach that exposed 33.7 million customer accounts. Harold Rogers appeared at Seoul Metropolitan Police headquarters after ignoring two previous summons, facing questions about whether Coupang obstructed the official investigation.

The breach, which became public in November 2025, has become one of the largest in South Korean history. But the investigation has taken a dramatic turn: authorities recovered a laptop from a river, weighted with bricks in what appears to be an attempt to destroy evidence.

Corporate executive entering Seoul police station for questioning

What We Know About the Breach

Coupang is often called Korea's Amazon. The company operates an e-commerce platform, food delivery service, and streaming service, with tens of millions of Korean customers relying on its services daily. The breach exposed data from 33.7 million accounts, representing a significant portion of South Korea's population of 51 million.

While the full scope of exposed data has not been disclosed, e-commerce breaches typically expose:

  • Names, email addresses, and phone numbers
  • Shipping addresses and purchase histories
  • Payment information or partial card numbers
  • Login credentials that users may have reused elsewhere

This type of data is valuable to criminals for phishing attacks, identity theft, and credential stuffing attacks on other services.

The Obstruction Investigation

Seoul police launched a task force in December 2025 to investigate the breach. What they found went beyond the original incident. Investigators are now probing whether Coupang actively interfered with their work through several alleged actions:

  • Conducting its own internal forensic review that may have compromised evidence
  • Making contact with a former employee believed to be involved in the breach
  • Allegedly destroying physical evidence, including a laptop disposed of in a river
  • Acting CEO Rogers failing to appear for two scheduled police interviews

Rogers, who was appointed as acting head of Coupang's Korean division on December 10, told reporters outside the police station that the company would "fully cooperate with the probe, as it always has." Coupang released a statement claiming it was "cooperating fully with law enforcement" and that "allegations of negligence were false."

The Laptop in the River

Perhaps the most striking detail to emerge from the investigation is the recovery of a laptop from a river. According to Korean authorities, the device was weighted with bricks before being discarded, a clear indication that someone wanted it to sink and stay hidden.

Police are examining the laptop for evidence related to the breach. The deliberate destruction of potential evidence in a data breach investigation could carry serious criminal penalties under South Korean law, separate from any liability for the breach itself.

A Former Employee Under Investigation

Police are also investigating a former Coupang employee of Chinese descent who they believe played a key role in the breach. The investigation is examining whether Coupang contacted this person directly and whether such contact disrupted the official investigation.

Insider threats remain one of the most difficult security challenges for large organizations. Employees and former employees often have legitimate access to systems and data, making their activities harder to detect than external attacks. When companies discover insider involvement, the tension between internal investigation and cooperating with authorities can create legal complications.

What This Means for Affected Users

If you have a Coupang account, assume your data was compromised and take the following steps:

  • Change your Coupang password immediately
  • Change passwords on any other accounts where you used the same credentials
  • Enable two factor authentication wherever available
  • Watch for phishing emails that reference your Coupang account or recent purchases
  • Monitor your financial accounts for unauthorized transactions

The breach data is likely already circulating in criminal marketplaces. Attackers may use your email address and personal details to craft convincing phishing messages that appear to come from Coupang or other Korean services you use.

Corporate Accountability in Data Breaches

The Coupang case highlights a growing tension in how companies respond to data breaches. Internal investigations are standard practice, but they can conflict with law enforcement needs. Companies have incentives to control the narrative and minimize liability, while prosecutors need to preserve evidence and conduct interviews without interference.

South Korea has relatively strong data protection laws, and regulators have not hesitated to impose significant penalties on companies that fail to protect customer data. The obstruction allegations, if proven, could result in more severe consequences than the breach itself.

For security professionals and compliance officers, this case is a reminder that breach response plans must account for law enforcement coordination. Acting unilaterally, even with good intentions, can create legal exposure that far exceeds the original incident.