Appeared as a Witness at the National Assembly Science and Technology Committee Hearing
Emphasized That No Sensitive Information Was Leaked
Clarified: "This Does Not Mean We Take the Incident in Korea Lightly"
Harold Rogers, the interim CEO of Coupang, addressed the massive personal data leak involving 33.7 million cases, stating, "We take this matter extremely seriously." However, he drew a line by emphasizing that, based on U.S. standards, no relevant laws were violated.
At the National Assembly's Science, Technology, Information and Broadcasting and Communications Committee hearing on the 17th, Rogers appeared as a witness and responded to a related question from Assemblyman Cho Incheol of the Democratic Party of Korea, saying, "Sensitive personal information such as payment details or passwords was not leaked in this incident," and added, "While it is difficult to be definitive, if a similar situation had occurred in the United States, it would not have constituted a violation of U.S. laws."
He further clarified, "That does not mean we are taking the incident in Korea lightly," and explained, "We are operating our business in compliance with Korean law. My comments regarding U.S. law were in response to a question about whether this would be a violation in the United States, and based on the sensitivity of the data under U.S. law, it would not be considered a violation."
Harold Rogers, the new CEO of Coupang, appeared at the hearing on Coupang's breach incident held on the 17th by the National Assembly's Science, Technology, Information and Broadcasting and Communications Committee, responding to lawmakers' questions. Photo by Kim Hyunmin
Why Did Coupang File an Emergency Disclosure with the U.S. SEC a Day Before the Hearing?
There was also criticism regarding Coupang's emergency disclosure to the U.S. Securities and Exchange Commission (SEC) about the incident just before the hearing. Responding to a question from Assemblyman Shin Seongbeom of the People Power Party about the timing of the report, Rogers said, "According to SEC regulations, given the type of data leaked in this case, it was not considered a material incident, so there was no obligation to disclose it under U.S. data protection laws." He added, "However, since this issue has continued to attract attention, we decided to proceed with the disclosure."
Coupang's parent company, Coupang Inc., had submitted an "8-K report" titled "Item 1.05 Cybersecurity Incident" the day before the hearing. The 8-K report is a current report that must be submitted immediately when an event occurs that could have a significant impact on investors' decisions.
In the report, Coupang stated, "We activated our response procedures immediately after becoming aware of the incident, blocked unauthorized access by the perpetrator, reported the matter to Korean regulatory and investigative authorities, and notified customers who may have been affected." The company further added, "The attacker did not release the acquired data externally, and as a result of this incident, Coupang customers' bank information, payment card information, and login credentials (ID or password) were neither obtained nor compromised in any other way."
Coupang also stated, "Korean regulatory authorities have launched an investigation into this incident, and there is a possibility that one or more Korean regulatory agencies may impose financial penalties." The company explained, "While there has been no significant disruption to Coupang's operations, we continue to face various risks, including potential revenue decline, increased recovery costs, regulatory fines, and litigation."
On the 17th, a hearing related to the Coupang breach incident is being held at the National Assembly Science, Technology, Information and Broadcasting and Communications Committee. Photo by Kim Hyunmin
Where Is Kim Beomseok? ... "I Am the Person in Charge in Korea"
When committee members asked about the absence of Coupang founder Kim Beomseok, Chairman of Coupang Inc., who submitted a letter of non-attendance for the hearing, Rogers avoided a direct answer, replying, "He is the chairman of Coupang Inc., and I am the CEO of the Korean entity." He added, "As the person with overall responsibility for the Korean entity, I will sincerely answer any questions regarding this matter." He continued, "I sincerely apologize to the Korean public for causing concern and anxiety. We take the current situation very seriously and will do our utmost to address all concerns raised by regulatory authorities."
In response to questions about compensation plans for the incident, Rogers said, "Coupang is currently working closely with the Personal Information Protection Commission, Korea Internet & Security Agency, Ministry of Science and ICT, Korea Communications Commission, and the police to resolve the situation." He added, "We will prepare and announce a responsible compensation plan for customers based on the results of the investigation."
Regarding the criticism from Assemblyman Lee Junseok of the Reform Party that former Coupang CEO Park Daejoon, who resigned just before the hearing, should not be promoted or take on another position in the future, Rogers responded, "I do not expect that to happen," and stated, "I understand that Park resigned after taking full responsibility for this incident."
At the hearing, five Coupang executives appeared as witnesses: CEO Rogers, Chief Information Security Officer Brett Mathis, Coupang Eats CEO Kim Myungkyu, Senior Vice President of External Affairs Min Byungki, and Vice President for National Assembly and Government Affairs Cho Yongwoo. Chairman Kim and former CEOs Park and Kang Hanseung, who were also requested to attend, did not appear.
Committee members expressed strong reactions to Coupang's decision to send a foreign CEO who could not read materials or communicate in Korean. In particular, CEO Rogers caused controversy by stating, "Happy to be here," while explaining Chairman Kim's absence. Some members, after hearing Rogers' explanations, accused him of "wasting time with meaningless comments" and "trying to evade responsibility by using the language barrier," and either interrupted his answers or declared they would not ask further questions. Choi Minhee, chair of the committee, stated, "We will file a complaint against witnesses who did not attend," and added, "As soon as the hearing ends, we will begin a parliamentary investigation."
Meanwhile, Coupang stated that it plans to introduce passkeys, which have already been implemented in Taiwan, to the Korean market in the first half of next year. Passkeys are an authentication method that uses biometrics or a PIN (personal identification number) instead of a password. Mathis, the Chief Information Security Officer, said, "We are planning to introduce passkeys to the Korean market in the first half of 2026," and explained, "Because the number of users in Korea is very large, the rollout process will be more complex to ensure that customers experience no inconvenience."
© The Asia Business Daily (www.asiae.co.kr). All rights reserved.

