SEOUL, December 04 (AJP) - Coupang earns roughly 90 percent of its estimated $34 billion in revenue from Korea, yet operates and trades as a U.S.-based company often dubbed "Korea's Amazon." Increasingly, however, it resembles something closer to a Chinese tech firm—with opaque recruiting practices and oversight failures that culminated in the mass-scale data leak exposing virtually all of its online shoppers.
For negligence and liability related to the loss of data on 33.7 million users, Coupang could face penalties of up to 3 percent of revenue, or as much as $1 billion, in addition to a raft of civil and criminal lawsuits.
Bom Kim, the Korean-born American who owns 76 percent of the New York Stock Exchange-listed Coupang Inc., remains out of sight as domestic CEO Park Dae-jun is hounded by police investigators, lawmakers and furious consumers.
The breach has shed light on Coupang's extensive reliance on foreign developers, including a sizable cohort of Chinese engineers. The alleged perpetrator is a former Chinese employee. Coupang has refused to disclose the nationalities of its engineering workforce, saying only that it recruits "talent from diverse backgrounds."
Activity on Maimai, China's equivalent to LinkedIn, suggests the company has maintained steady recruitment pipelines there. Verified accounts claiming Coupang affiliation have remained active through the second half of this year, alongside postings from headhunters and industry insiders seeking candidates for the company.
One user identifying himself as a senior vice president of a Chinese holding company ranked Coupang eighth among the most attractive foreign IT employers in Shanghai, behind Google, Amazon and Apple. In a June post, he wrote that Coupang's Shanghai office in Changtai Plaza pays competitively with Alibaba and employs numerous former Alibaba engineers across functions, adding that the attraction is "no overtime work."
Operationally, Coupang resembles Alibaba and JD.com more than Amazon. Instead of a marketplace model connecting external sellers to buyers, the company directly purchases inventory, stores it in proprietary warehouses and fulfills orders through its own vertical logistics network.
Despite investing 89 billion won annually in cybersecurity and employing more than 200 security engineers, the leak did not result from a sophisticated attack but a basic managerial lapse. A former employee kept access through an unrevoked JWT (JSON Web Token) signing key after leaving the company, enabling unrestricted entry for five months without triggering security alerts.
Coupang Corp., the Korean operating subsidiary, is wholly owned by Coupang Inc., a Delaware-registered holding company. Kim controls 76 percent of the voting rights, effectively placing the company under his personal authority. While the Korean unit is the legal entity liable for the breach, Coupang Inc. argues that it neither stores nor manages user data directly.
"A corporation and its CEO or shareholders are legally separate entities since a joint-stock corporation is based on limited liability. It is generally difficult to hold an individual—such as Chairman Bom Kim—personally accountable unless there are exceptional circumstances," said Um Kyong-chon, attorney at Lawfirm Family.
Kim stepped down from Coupang's Korean board shortly after the Serious Accident Punishment Act took effect in 2021, removing himself from the scope of internal criminal liability. Coupang has repeatedly underscored that its "headquarters is in the U.S., and Kim is an American citizen."
The company's dominance in online retail has shielded it from labor and regulatory controversies for years. J.P. Morgan projected minimal customer defection after the breach, citing limited competition and historically low public sensitivity to data privacy. Korean consumers accustomed to overnight delivery, the report noted, are unlikely to abandon the platform.
Adding to public anger are signs of potential insider trading. Several U.S.-based executives sold substantial shareholdings in the weeks surrounding the breach.
According to a U.S. Securities and Exchange Commission filing Tuesday, CFO Gaurav Anand sold 75,350 shares for about $2.2 million on Nov. 10. Former Vice President Pranam Kolari, who oversaw search and recommendations, sold 27,388 shares for $772,000 on Nov. 17, just days after resigning.
Given the sensitivity of the scandal, Bom Kim may eventually have to respond to public and political pressure. Korean law recognizes the concept of a "de facto" decision-maker—someone who exercises authority regardless of whether he holds a formal board seat.
Copyright ⓒ Aju Press All rights reserved.
