Investors in Coupang who suffered “substantial losses” following a cyber-attack are being urged to join plaintiffs in a class action lawsuit led by US-based law firm Hagens Berman.
Coupang is an Amazon-like e-commerce platform headquartered and incorporated in the US and listed on the New York Stock Exchange. The site is particularly popular in South Korea where it is the largest online retailer.
The company’s IT systems were breached in June 2025 and the retailer confirmed in early December that the personal data of 33.7 million customers may have been exposed, including names, emails, email addresses and phone numbers.
Later in December, South Korean press agency Yonhap reported that the Seoul Metropolitan Police Agency raided Coupang’s headquarters in southern Seoul to search for internal documents and records related to the breach.
The day after the police raid, Coupang’s CEO, Park Dae-Joon, stepped down and was replaced by Seattle-based Harold Rogers, the firm’s current chief administrative officer and general counsel.
South Korea’s privacy regulator, the Personal Information Protection Commission (PIPC), also revealed that Coupang revised its terms of service in November, introducing a new clause that disclaims responsibility for any harm resulting from unauthorized third-party access to its systems.
This clause violated South Korea’s Personal Information Protection Act as it obscures the company’s accountability in cases of intentional or negligent wrongdoing. The PIPC ordered Coupang to remove the clause.
The regulator also ordered the retailer to establish a specialized task force to mitigate potential further harm to affected users.
Class Action Lawsuit to Allege Coupang’s Security Failures
In a statement published on January 23, 2026, US-based law firm Hagens Berman Sobol Shapiro LLP said the breach has led to a $1.2bn compensation plan and a loss of over $8bn in market value for Coupang.
The law firm also announced it was investigating potential security failures made by the retailer.
Coupang investors have been urged to join a class action lawsuit by the February 17 lead plaintiff deadline.
Reed Kathrein, the Hagens Berman partner leading the firm’s investigation of the claims in the pending litigation, said: “We are investigating why it allegedly took Coupang nearly six months to detect that a former employee had access to 33 million customer accounts.”
The law firm outlined some of the security failures the lawsuits will allege, including inadequate protocols that allowed a former employee to retain access to sensitive customer information.
Additionally, Hagens Berman has encouraged people who can provide non-public information regarding Coupang to help in the investigation through the US Securities and Exchange Commission’s (SEC) Whistleblower program, which involves rewards of up to 30% of any successful recovery made by the SEC.
Infosecurity contacted Coupang but the company did not respond to requests for comment by the time of publication.
Image credits: yllyso / Mamun_Sheikh / Shutterstock
