Coupang, South Korea’s largest online retailer, plans to spend 1.69 trillion won (about $1.17 billion) to compensate users affected by a massive data breach.
According to the company, each affected user will receive four single-use vouchers: 5,000 won (about $3.48) usable across Coupang’s main retail services; 5,000 won for its food-delivery service; 20,000 won (about $14) for its travel products; and 20,000 won for its beauty platform.
Users will be able to check their eligibility and begin receiving the vouchers starting Jan. 15, 2026, the company said. Former customers who closed their Coupang accounts after the breach will still be eligible.
Harold Rogers, interim CEO of Coupang, described the package as a “responsible action for our customers” and pledged that the company would “fulfill its responsibilities to the very end.”
“We once again deeply apologize to our customers,” said Rogers, who replaced CEO Park Dae-jun, who resigned earlier in December after the breach came to light.
In the same filing, Coupang told U.S. regulators it had determined that a former employee may have obtained the data and that, to the company’s knowledge, the information had not been publicly disclosed.
Coupang said it became aware of the breach on Nov. 18. It has faced intense criticism for waiting until Nov. 29 to inform the public.
In a Dec. 25 update, Coupang said the perpetrator—a former employee—had been identified and confessed. According to the company, the individual accessed basic user data using an internal security key stolen while working at Coupang, but ultimately retained only order histories and building entrance codes for about 3,000 accounts.
According to Coupang, the perpetrator did not distribute or sell the data to any third party but instead deleted the stored information after seeing media reports about the incident.
The company reiterated that the accessed data included names, email addresses, addresses, and phone numbers, but not payment data, login information, or individual customs numbers. All devices used in the leak, including a laptop that the perpetrator allegedly threw into a river, have been recovered, the company said.
Coupang founder and chairman Bom Kim issued a separate apology on Dec. 29, admitting that the company had “neglected communication with the public” in the early days after learning of the breach.
The Korean American businessman acknowledged that his apology was “overdue,” saying he had initially believed it was best to wait until all facts were confirmed before speaking publicly.
“In hindsight, that was the wrong judgment,” Kim said, according to a translation of the original text. “While Coupang worked around the clock to resolve the situation, I should have expressed my deep regret and sincere apology from the very beginning.”
