South Korean e-commerce giant Coupang faces a U.S. investor class action lawsuit alleging securities law violations after a data breach exposed information of more than 33 million customers. The lawsuit, filed last week in California federal court, targets CEO Bom Kim and CFO Gaurav Anand for allegedly misleading investors about the company's data security practices.
Coupang discovered the breach on November 18, 2025, when a former employee was found to have retained unauthorized access to internal systems for months. The security lapse compromised customer names, email addresses, phone numbers, delivery addresses, and some order histories, though payment details and login credentials reportedly remained secure. The company, often called South Korea's Amazon, apologized for the incident last month.
The legal action claims Coupang failed to report the breach under U.S. securities rules in a timely manner, depriving investors of critical information. According to the complaint filed by New York-based The Rosen Law Firm, the company submitted regulatory filings that understated cybersecurity vulnerabilities while overstating safeguards. Investors who purchased Coupang securities between August 6 and December 16, 2025, are eligible to join the class action seeking damages.
During that period, Coupang's market capitalization fell from $53.3 billion to $42.4 billion, representing significant investor losses. The lawsuit focuses on alleged failures in corporate disclosures and fiduciary duties rather than direct liability for the data breach itself. "There are no jurisdictional limitations for the securities case since it is brought on behalf of those who purchased Coupang stock listed on the New York Stock Exchange," said Phillip Kim, attorney at The Rosen Law Firm.
In the breach's aftermath, Park Dae-jun, chief executive of subsidiary Coupang Corp, resigned earlier this month. The company has promised to strengthen security measures to prevent future data leaks. Coupang dominates South Korea's e-commerce market with same-day delivery, video streaming, and food delivery services, operating globally with offices in California and other U.S. cities.
The data breach has triggered multiple investigations in South Korea, including a National Tax Service probe into Coupang's logistics unit that began this week. Approximately 150 investigators were dispatched to examine accounting records and cross-border transactions with the company's U.S. headquarters. This marks the second major legal challenge for Coupang in U.S. courts, following a 2022 securities class action that was dismissed with prejudice in September 2025, though plaintiffs plan to appeal.
Coupang did not immediately respond to requests for comment on the current lawsuit. The case highlights growing investor scrutiny of cybersecurity disclosures as data breaches increasingly impact corporate valuations and regulatory compliance across global markets.
