Appeared as a Witness at the National Assembly Science and Technology Committee Hearing
Emphasized That No Sensitive Information Was Leaked
Clarified: "This Does Not Mean We Take the Incident in Korea Lightly"
Harold Rogers, the interim CEO of Coupang, addressed the massive data breach involving 33.7 million cases of personal information, stating, "We are taking this matter extremely seriously." However, he drew a clear line by emphasizing that, based on U.S. standards, no relevant laws were violated.
Appearing as a witness at the National Assembly's Science, Technology, Information and Broadcasting and Communications Committee hearing on the 17th, CEO Rogers responded to questions from Assemblyman Cho Incheol of the Democratic Party of Korea, saying, "No sensitive personal information such as payment data or passwords was leaked in this incident." He added, "While it is difficult to make a definitive statement, if a similar situation had occurred in the United States, it would not have constituted a violation of relevant U.S. laws."
He further clarified, "This does not mean we are taking the incident in Korea lightly. We are operating in compliance with Korean laws, and my comment was based on the understanding that the question was about whether it would be a legal violation in the U.S. Considering the sensitivity of the data under U.S. law, it would not be a violation."
Harold Rogers, the new CEO of Coupang, appeared at the hearing on Coupang's breach incident held on the 17th by the National Assembly's Science, Technology, Information and Broadcasting and Communications Committee, responding to lawmakers' questions. Photo by Kim Hyunmin
Why Did Coupang File an Emergency Disclosure with the U.S. SEC the Day Before the Hearing?
There was also criticism regarding Coupang's decision to file an emergency disclosure with the U.S. Securities and Exchange Commission (SEC) about the incident ahead of the hearing. In response to questions from Assemblyman Shin Sungbeom of the People Power Party regarding the timing of the report, CEO Rogers explained, "According to SEC regulations, an incident like this, considering the type of data leaked, is not considered a material event, so there was no obligation to disclose it under U.S. data protection laws." He continued, "However, since this issue has continued to attract public attention, we decided to proceed with the disclosure."
Previously, Coupang Inc., the parent company of Coupang, submitted an "8-K report" titled "Item 1.05 Cybersecurity Incident" the day before. The 8-K report is a current report that must be filed immediately when an event occurs that could have a significant impact on investors' decisions.
In the report, Coupang stated, "We activated our response procedures immediately after becoming aware of the incident, blocked unauthorized access by the perpetrator, reported the matter to Korean regulatory and investigative agencies, and notified customers whose data may have been accessed." The report added, "The attacker did not release the acquired data externally, and as a result of this incident, Coupang customers' bank information, payment card information, and login credentials (ID or password) were neither obtained nor otherwise compromised."
Coupang also stated, "Korean regulatory authorities have launched an investigation into this incident, and there is a possibility that one or more Korean regulatory agencies may impose financial penalties." The company explained, "While Coupang's operations have not been significantly disrupted, we continue to face various risks, including potential revenue decline, increased recovery costs, regulatory fines, and lawsuits."
On the 17th, a hearing related to the Coupang breach incident is being held at the National Assembly Science, Technology, Information and Broadcasting and Communications Committee. Photo by Kim Hyunmin
Where Is Bom Kim? ... "I Am the Responsible Executive in Korea"
Regarding questions about why Bom Kim, Coupang Inc. founder and chairman, submitted a letter of non-attendance and did not appear at the hearing, CEO Rogers responded, "He is the chairman of Coupang Inc., and I am the CEO of the Korean entity." He continued, "As the person in charge of Coupang Korea, I will sincerely answer any questions regarding this matter," but avoided giving a direct answer. He added, "I sincerely apologize to the people of Korea for the concern and anxiety caused. We are taking the situation seriously and will do our utmost to address all concerns raised by regulatory authorities."
When asked about compensation plans related to the incident, he replied, "Coupang is currently working closely with the Personal Information Protection Commission, Korea Internet & Security Agency, Ministry of Science and ICT, Korea Communications Commission, the police, and other relevant agencies to resolve the situation." He added, "We will announce a responsible compensation plan for customers along with the investigation results."
Regarding Assemblyman Lee Junseok of the Reform Party's point that former Coupang CEO Park Daejun, who resigned just before the hearing, should not be promoted or given another position in the future, Rogers said, "I do not expect that to happen," and added, "As far as I know, Mr. Park resigned because he deeply felt responsible for this incident."
At the hearing, Coupang was represented by CEO Rogers, Brett Mathis, Chief Information Security Officer (CISO), Kim Myungkyu, CEO of Coupang Eats, Min Byungki, Executive Vice President for External Affairs, and Cho Yongwoo, Vice President in charge of National Assembly and Government Relations-five witnesses in total. Bom Kim, former CEO Park, and former CEO Kang Hanseung, who were also summoned, did not attend.
Members of the committee expressed frustration at Coupang's decision to send a foreign executive who could not read Korean materials or communicate in Korean. In particular, CEO Rogers caused controversy when he responded, "Happy to be here," while explaining Bom Kim's absence. Some committee members, after hearing Rogers' explanations to related questions, criticized him for "wasting time with meaningless statements" and "using language barriers to evade responsibility," with some even interrupting his answers or refusing to ask further questions. Committee Chairperson Choi Minhee stated, "We will file complaints against witnesses who did not attend," and added, "As soon as the hearing concludes, a parliamentary investigation will begin."
Meanwhile, Coupang announced plans to introduce passkeys, which have already been implemented in Taiwan, to the Korean market in the first half of next year. Passkeys are an authentication system that uses biometric recognition or a personal identification number (PIN) instead of passwords. CISO Mathis explained, "We plan to introduce passkeys to the Korean market in the first half of 2026," adding, "Since the number of users in Korea is very large, the rollout process will be more complex to ensure there is no inconvenience to customers."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
