[26.02.07] Coupang Data Breach Class Action Filed in U.S., Chairman Bom Kim Sued

Coupang Data Breach Lawsuit Filed in U.S.; Users Seek Punitive Damages from Headquarters

📍Filed in New York Federal Court… Chairman Bom Kim Named Co-Defendant as 33 Million Records Exposure Becomes Key Issue

Victims of the Coupang data breach have filed a class-action lawsuit in a U.S. court, expanding the case into an international legal dispute. Plaintiffs claim the U.S. headquarters directly controlled security policy and management responsibilities and are seeking punitive damages.

---

🔹 Class Action Filed in U.S. Court
On the 6th (local time), victims filed a class-action lawsuit in the U.S. District Court for the Eastern District of New York against Coupang Inc. and its chairman Bom Kim as co-defendants.

SJKP, the U.S. partner law firm of Korea’s Daeryun Law Firm, announced at a press conference that the complaint had been submitted. Coupang Inc. is the parent company that owns 100% of Coupang Korea.

Plaintiffs argue that although the breach occurred in Korea, major decisions such as security policy and incident response were made by executives at the U.S. headquarters.

🔹 Liability of Chairman Bom Kim
The plaintiffs allege that Chairman Bom Kim had final authority over staffing and budgeting for information security but neglected or grossly overlooked security risks.

The lead plaintiff is a U.S. citizen residing in New York who used Coupang services in both Korea and the United States. Reportedly leaked information includes contact details, address, payment information, and a personal customs clearance code.

Plaintiffs claim the breach exposed them to identity theft and financial fraud risks due to management failures.

🔹 Alleged Theft of 33.7 Million Records
The complaint states a former employee stole approximately 33.7 million customer records, including names, phone numbers, and building access codes. It also seeks a court order requiring encryption and multi-factor authentication implementation.

The class action represents both U.S. and Korea-based victims.

🔹 Claims of Contract Breach and Deceptive Practices
Plaintiffs claim Coupang Inc. failed to fulfill its data protection obligations, constituting a breach of implied contract and unjust enrichment.  They also allege violations of New York laws prohibiting deceptive business practices.

Attorney Tal Hirschberg of SJKP stated that Coupang Inc., established under U.S. commercial law, owes duties to all users including Americans and Koreans.

🔹 Participation Expected to Grow
While the complaint does not specify participant numbers, about 3,900 people had joined as of last December, and over 7,000 victims have reportedly inquired.

The case is separate from lawsuits filed in Korean courts and a shareholder suit in the U.S. Northern District of California.

🔹 Attention on Punitive Damages
Because U.S. law allows punitive damages, compensation could be substantial if gross negligence is recognized.

In a similar case, U.S. carrier T-Mobile agreed to pay $350 million in a consumer class-action settlement after a 2021 data breach and promised at least $150 million in security investments.

One-line summary : Victims of the Coupang data breach filed a U.S. class-action lawsuit seeking punitive damages.