South Korean e commerce giant Coupang is facing a class action lawsuit in the United States after a cybersecurity breach exposed the personal data of more than 33 million customers. The case was filed in a federal court in California by investors who accuse the company of violating U.S. securities laws following the incident.
The lawsuit claims that Coupang, along with its founder and CEO Bom Kim and Chief Financial Officer Gaurav Anand, misled investors about how strong the company’s data security systems were. It also alleges that the company failed to disclose the breach to investors on time, as required under U.S. securities regulations.
Coupang confirmed last month that unauthorized access to its systems led to the leak of customer information, including names, email addresses, delivery locations and some order history. The company said payment details and login information were not affected. After the incident, Park Dae jun, the chief executive of Coupang’s main subsidiary, resigned, and the company publicly apologized while promising to strengthen its security measures.
According to the lawsuit, Coupang discovered on November 18 that a former employee had retained access to internal systems for several months. The complaint also argues that the company downplayed its exposure to cyber risks in regulatory filings while overstating its protections. Investors who bought Coupang shares between August 6 and December 16 are seeking financial damages as investigations into the breach continue in South Korea.