Kim Bom-suk (Bom Kim), founder and chairman of South Korean e-commerce giant Coupang, issued a long-awaited public apology following one of the largest data breaches in South Korea’s history. The incident exposed personal information linked to approximately 34 million customers, impacting nearly two-thirds of the country’s population and triggering nationwide outrage.
The apology came almost a month after the breach was first revealed in November 2025, a delay that fueled criticism from the public, regulators, and lawmakers. Kim faced mounting backlash for remaining silent during the early stages of the crisis and for skipping parliamentary hearings, intensifying scrutiny over Coupang’s leadership and crisis management.
Kim Bom-suk’s Apology: Acknowledging Failure and Delayed Communication
In his official statement, Kim accepted full responsibility as Coupang’s founder and chairman, admitting that the company’s initial response and lack of communication were inadequate. He acknowledged that customers were left anxious and fearful about the safety of their personal data and conceded that waiting to speak publicly until all facts were confirmed was a “poor judgment.”
Kim explained that Coupang focused first on preventing secondary damage and recovering the stolen data rather than issuing immediate statements. However, he admitted this approach came at the cost of transparency and trust. He emphasized that his apology was “overdue” and expressed deep regret for failing to communicate sooner.
What Happened: Details of the Coupang Data Breach
The breach was initially believed to affect around 30 million users, but investigations later confirmed that nearly 34 million accounts were involved. Coupang claims the breach was caused by a former employee, stating that it successfully recovered 100% of the leaked data from the suspect’s storage devices and that the information was neither sold nor distributed.
However, the South Korean Ministry of Science and ICT has publicly challenged this claim, calling it a “unilateral assertion” while the joint government investigation remains ongoing. This contradiction has further complicated public perception and raised questions about the full extent of the damage.
Political Fallout and Legal Pressure
Despite issuing the apology, Kim Bom-suk has declined to attend parliamentary hearings scheduled for late December 2025, citing prior overseas commitments. Lawmakers have responded by threatening legal action, escalating political pressure on Coupang’s leadership.
In response to government scrutiny, Coupang recently removed a controversial liability exemption clause from its terms of service one that previously shielded the company from responsibility for hacking-related damages. A customer compensation plan is now expected to be announced.
Rebuilding Trust and Strengthening Security
Kim pledged that Coupang will overhaul its cybersecurity infrastructure, significantly increase security investments, and conduct a comprehensive review of internal vulnerabilities. He described the breach as a painful lesson and vowed to rebuild trust “from the ground up.”
As South Korea watches closely, the Coupang data breach may become a defining moment for corporate accountability, data protection standards, and consumer rights in the digital economy.
