Kim Beom-su, founder and chairman of U.S.-listed e-commerce giant Coupang, said the company made a mistake by not apologizing immediately after a recent data breach, acknowledging that its initial crisis response eroded trust even as it worked behind the scenes to contain the incident.
In his first public remarks since the breach was disclosed about a month ago, Kim said he had believed it was more responsible to first confirm facts and prevent further damage before addressing the public—a judgment he now calls wrong. “While we focused on mobilizing resources to resolve the incident, the absence of an immediate apology and clear communication deepened frustration and weakened trust,” Kim said.
The delayed apology places Coupang in a familiar predicament for global tech firms: when sensitive customer data is exposed, pauses in public accountability are often viewed as failures of crisis management rather than prudent caution, especially amid high expectations for executive transparency.
Kim conceded that Coupang’s initial response fell short. “I should have expressed regret and responsibility from the beginning, while simultaneously working to secure systems,” he said. He framed the episode as a lesson in how leadership during a crisis is judged not only by intent but by public perception and timeliness.
According to the company, Coupang has collaborated with government investigators over the past month to recover leaked information. So far, about 3,000 customer records have been identified on the perpetrator’s device, with no evidence that the data was distributed or sold. The probe remains ongoing.
Kim described the breach as a turning point for the company. He pledged to “rebuild customer trust from the ground up,” including preparing compensation for affected South Korean users and conducting a comprehensive overhaul of Coupang’s cybersecurity framework. He promised sustained investment, closer board-level oversight, and a full review of the vulnerabilities that made the breach possible.
As details of the incident come into focus, attention is shifting from the apology itself to what follows. The speed of compensation, transparency of security reforms, and rigor of board-led accountability will determine whether the breach is seen as an isolated failure or a defining test of Coupang’s governance in the eyes of customers and investors.
