Coupang’s massive data breach in South Korea has now become a geopolitical flashpoint as a growing number of the company’s U.S. investors take legal action against the South Korean government.
What began as a regulatory investigation into data security failures has expanded into a broader dispute over alleged unfair treatment of the U.S.-headquartered company.
While Coupang — which operates in South Korea, Taiwan, and Japan — is often referred to as the “Amazon of South Korea,” its worldwide headquarters are actually in Seattle, Washington.
The company’s investors are now seeking international arbitration under the U.S.-Korea Free Trade Agreement (FTA). On January 23, 2026, U.S. investment firms Greenoaks and Altimeter filed a notice with South Korea’s Ministry of Justice, saying they suffered losses from what they characterized as the government’s discriminatory investigation into the data breach. They said they plan to pursue investor–state dispute settlement (ISDS) arbitration under the U.S.-Korea FTA.
South Korea’s Ministry of Justice said Thursday that three more investors, including Abrams Capital, Durable Capital Partners, and Foxhaven Asset Management have now joined the case. They are alleging the government acted unlawfully toward the e-commerce company.
To recap the incident: In December, Coupang disclosed that nearly 34 million Korean customers’ personal information had been leaked in a data breach that had been going on for more than five months. The breach involved customer names, email addresses, phone numbers, shipping addresses, and certain order histories, the company said.
While other tech breaches in Korea resulted in less severe penalties, Coupang has faced extraordinary government pressure. The government reportedly threatened massive fines, suspension of operations, and travel bans for executives while Coupang’s investors allege it also sought to block public communication and repeatedly misrepresented the scope of the breach.
Techcrunch event
Boston, MA
|
June 23, 2026
Korea’s Personal Information Protection Commission (PIPC) said that more than 30 million Coupang accounts were exposed — but the facts point to just 3,000 affected accounts, according to Coupang’s investors.
In December, South Korea’s government and the PIPC said the Coupang breach was serious enough to justify higher fines. Under current law, penalties are capped at 3% of revenue, m …