South Korea’s largest online retailer, Coupang, has been rocked by a massive data breach that exposed the personal details of nearly 34 million customers, forcing CEO Park Dae-jun to resign amid mounting scrutiny from regulators and the public.
The breach, one of the most severe in South Korea’s history, reportedly included names, email addresses, phone numbers, and shipping details. While Coupang said that payment and login credentials were not compromised, the scale of the exposure has prompted police raids and a government-led investigation. The company has since apologised and appointed Chief Administrative Officer Harold Rogers as interim CEO while pledging to overhaul its cybersecurity practices.
According to Paul German, CEO at Certes, this incident is emblematic of a much broader trend. “2025 has, unfortunately, been the year of the high-profile data breach. Millions, no, billions, of dollars have been squandered in terms of reputational damage, lost sales and productivity, not to mention judicial penalties. When you factor in the knock-on effects across supply chains and third-party suppliers, the true cost of data exposure becomes staggering.”
German says Coupang’s leadership change underscores a critical lesson for corporate boards everywhere: data protection is no longer just a technical concern but a boardroom responsibility. “The CEO’s resignation is a stark reminder that data protection is not an IT issue, but an executive issue,” he adds. “Ultimately, it is the Board’s duty to ensure the company’s data is protected, wherever it resides. For any CEO, failure to do so risks not just the organisation’s trust, but their own career.”
As Coupang works to regain customer confidence, the company’s turmoil serves as a cautionary tale for global business leaders: in an era where cyber incidents can destroy reputations overnight, executive accountability for data security is non-negotiable.
