Coupang Faces Class Action Lawsuit Over Alleged Securities Violations Following Data Breach Affecting 30 Million Users
A class action lawsuit has been filed against South Korean e-commerce giant Coupang, Inc. (CPNG) and certain officers, seeking damages for alleged securities law violations following a massive data breach that compromised the personal information of more than 30 million users. The lawsuit, announced by investor-rights law firm Bronstein, Gewirtz & Grossman, LLC on December 21, 2025, covers investors who purchased Coupang securities between August 6, 2025, and December 16, 2025, a period defined as the “Class Period.”
Data Breach Triggers Investor Harm Allegations
The legal action stems from the fallout of what has been described as South Korea’s biggest-ever data breach. The incident exposed sensitive customer data, including users’ names, phone numbers, and delivery details, leading to intense public and regulatory backlash against the dominant online retailer. The filing of the class action signals the direct financial risk now facing the company, as investors seek to recover losses tied to alleged misstatements or omissions regarding the company’s operational risks during the Class Period.
The lawsuit alleges that the defendants violated federal securities laws, typically by claiming that the company or its officers made materially false or misleading statements, or failed to disclose adverse information, regarding the company’s data security protocols or operational integrity, thereby artificially inflating the stock price.
Executive Absences Dominate Parliamentary Scrutiny
The severity of the crisis was underscored by a special parliamentary hearing held in mid-December 2025, where South Korean lawmakers assailed Coupang executives over the breach. The focus of the lawmakers' anger was the absence of billionaire founder Bom Kim, who failed to appear before the session, underscoring rising public anger with the retailer.
The absence of key leadership figures dominated the proceedings, highlighting rising public anger and regulatory frustration with the company’s handling of the crisis, particularly given the scale of the breach affecting over 30 million users.
Also notably absent was Park Dae-jun, the former head of Coupang’s Korean operations, who had resigned just the week prior to the hearing. The company was represented by Harold Rogers, Coupang Inc.’s chief administrative officer and newly appointed interim head of the Korean unit, alongside a range of lower-ranking Korean executives.
Market Implications and Class Period Details
The combination of regulatory grilling, executive resignations, and the class action filing places significant pressure on Coupang’s stock performance and overall market valuation. The data breach and subsequent legal challenges introduce substantial uncertainty regarding potential regulatory fines and litigation costs.
Key details regarding the lawsuit and investor action include:
- The defined Class Period runs from August 6, 2025, to December 16, 2025, indicating the window during which the alleged securities law violations occurred.
- The lawsuit aims to recover damages for all persons and entities that purchased or otherwise acquired Coupang securities during this time.
- The incident involves the compromise of personal information for more than 30 million users, marking it as South Korea’s largest data breach.
Securities law investors and the broader financial community will closely monitor the ongoing legal investigation and the potential financial repercussions for Coupang, which is often benchmarked against global e-commerce leaders. The outcome of the lawsuit will be critical in assessing corporate accountability regarding massive data breaches in the rapidly expanding Asian e-commerce sector.
