Coupang Faces Legal Scrutiny for Massive Data Breach and Inadequate Security Measures

In a rapidly evolving digital landscape, companies must prioritize the security of their customers’ data. However, Coupang, Inc. (NYSE: CPNG) is facing intense scrutiny as allegations arise regarding a catastrophic data breach affecting over 33.7 million accounts. A national shareholder rights firm, Hagens Berman, is currently investigating the claims and has reminded investors of a critical deadline for participating in a potential securities class action.

Background of the Allegations

The investigation comes in light of a significant incident where a former employee allegedly accessed sensitive customer information without detection for nearly six months. This raised serious questions about Coupang's cybersecurity measures, particularly its claims of having “proactive security” and “administrative safeguards.”

According to partner Reed Kathrein, who is leading the investigation, the breach has resulted in substantial financial ramifications and highlighted systemic failures in maintaining adequate internal controls.

Specific Issues Raised in the Lawsuit

1. Inadequate Internal Controls

The legal complaint underscores that Coupang's internal controls were insufficient to prevent unauthorized access to sensitive customer data. Despite assurances of effective threat monitoring, the breach went unnoticed until the former employee’s actions caused significant damage.

2. Delayed Disclosure and Regulatory Involvement

Coupang publicly disclosed the cybersecurity incident on November 18, 2025, almost two weeks after it was aware of the unauthorized access. This delay not only misled investors but also attracted the attention of Korean regulators, who have initiated investigations into Coupang’s practices.

3. Financial and Leadership Fallout

In the wake of the incident, Coupang has been forced to establish a 1.2 billion USD compensation plan to restore consumer trust. The fallout also led to the resignation of CEO Park Dae-joon, illustrating the severe impact of the data breach on the company's leadership and reputation. The total market value loss has been reported at over 8 billion USD, a stark reminder of the financial dangers associated with inadequate cybersecurity measures.

What Investors Need to Know

As the lead plaintiff deadline of February 17, 2026, looms, investors who bought Coupang securities between May 7, 2025, and December 16, 2025, and believe they may have suffered losses are being urged to come forward. Hagens Berman's investigation aims to gather information that could support a class action lawsuit against capitalizes on Coupang's potential negligence in protecting sensitive customer data.

Investors can report their losses and seek guidance from the firm through their secure online platform or by contacting Reed Kathrein directly via phone or email.

Conclusion

The situation with Coupang serves as a critical case study in corporate accountability, emphasizing the importance of robust data protection measures. As vulnerabilities continue to plague the digital sector, companies like Coupang must not only prioritize cybersecurity but also ensure swift and transparent communication with their investors. In the end, the outcome of this class action could reshape investor confidence in organizations throughout the tech sector.

For those with confidential information or further insights related to this matter, Hagens Berman encourages you to reach out and play a part in the ongoing investigation. In the ever-changing landscape of digital security, each voice matters in the fight for accountability and justice.