{"schema_version":"secwatch.filing_event.v1","accession":"0001834584-25-000196","form_type":"8-K","ticker":"CPNG","cik":"0001834584","company_name":"Coupang, Inc.","filed_at":"2025-12-16T23:59:59+00:00","discovered_at":"2026-05-14T18:02:40.706227+00:00","generated_at":"2026-05-16T13:05:22.579275+00:00","sec_items":["1.05"],"event_type":"cyber","sentiment":"negative","materiality_score":0.85,"calibrated_materiality_score":0.85,"confidence":"high","headline":"Coupang discloses data breach affecting up to 33M customer accounts; former employee accessed personal data","bullets":["Incident discovered Nov 18, 2025; former employee obtained name, phone, delivery address, email for up to 33M accounts.","No banking, payment card info, or login credentials were compromised.","Korean regulators investigating; potential financial penalties not yet estimable.","CEO of Korean subsidiary resigned Dec 10; Harold Rogers appointed interim CEO.","Operations not materially disrupted; investigation ongoing with external forensic experts."],"urls":{"canonical":"https://secwatch.observer/filing/0001834584-25-000196","json":"https://secwatch.observer/filing/0001834584-25-000196.json","markdown":"https://secwatch.observer/filing/0001834584-25-000196.md","text":"https://secwatch.observer/filing/0001834584-25-000196.txt","edgar_index":"https://www.sec.gov/Archives/edgar/data/1834584/000183458425000196/0001834584-25-000196-index.htm","edgar_primary_document":"https://www.sec.gov/Archives/edgar/data/1834584/000183458425000196/cpng-20251215.htm"},"model":{"generated_by":"deepseek-v4-flash:cloud@v2","generated_at":"2026-05-16T13:05:22.579275+00:00"},"review":{"review_status":"machine_generated","human_reviewed":false,"corrected":false,"correction_note":null,"correction_timestamp":null,"superseded_by":null,"related_filings":[]},"source_grounded_claims":[{"claim_id":"59d15f3d318b98edb7aa944542b60c1130cf4984","claim":"Coupang, Inc. disclosed a cybersecurity incident: Unauthorized access to customer accounts by a former employee, potentially exfiltrating name, phone number, delivery address, email address for up to 33 million accounts and certain order histories. Impact: Operations have not been materially disrupted; potential financial penalties from Korean regulators, and potential material financial losses from loss of revenue, remediation, litigation, etc. Materiality is still being assessed. Discovered 2025-11-18.","evidence_excerpt":"On November 18, 2025, Coupang Corp. (“Coupang Corp.”), a wholly-owned Korean subsidiary of Coupang, Inc. (Coupang Corp., together with Coupang, Inc. (“Coupang, Inc.,” “our,” or “we”) and its subsidiaries and affiliates, “Coupang,”), became aware of a cybersecurity incident involving unauthorized access to customer accounts (the “Incident”).","evidence_source":"SEC 8-K Item 1.05","evidence_url":"https://www.sec.gov/Archives/edgar/data/1834584/000183458425000196/0001834584-25-000196-index.htm","confidence":0.9,"family_label":"Cybersecurity Incidents","details":[{"label":"Nature","value":"Unauthorized access to customer accounts by a former employee, potentially exfiltrating name, phone number, delivery address, email address for up to 33 million accounts and certain order histories."},{"label":"Impact","value":"Operations have not been materially disrupted; potential financial penalties from Korean regulators, and potential material financial losses from loss of revenue, remediation, litigation, etc."},{"label":"Materiality","value":"assessing"},{"label":"Discovery","value":"2025-11-18"}],"fact_type":"cyber_incident"}],"license":"Source filings: public domain (SEC EDGAR). Summaries (headline + bullets): CC-BY-4.0; attribute https://secwatch.observer"}