---
schema_version: "secwatch.filing_event.v1"
accession: "0001834584-25-000196"
form_type: "8-K"
ticker: "CPNG"
cik: "0001834584"
company_name: "Coupang, Inc."
filed_at: "2025-12-16T23:59:59+00:00"
generated_at: "2026-05-16T13:05:22.579275+00:00"
event_type: "cyber"
sentiment: "negative"
materiality_score: 0.85
calibrated_materiality_score: 0.85
confidence: "high"
source: SEC EDGAR
---

# Coupang discloses data breach affecting up to 33M customer accounts; former employee accessed personal data

## Summary
- Incident discovered Nov 18, 2025; former employee obtained name, phone, delivery address, email for up to 33M accounts.
- No banking, payment card info, or login credentials were compromised.
- Korean regulators investigating; potential financial penalties not yet estimable.
- CEO of Korean subsidiary resigned Dec 10; Harold Rogers appointed interim CEO.
- Operations not materially disrupted; investigation ongoing with external forensic experts.

## SEC filing metadata
- accession: 0001834584-25-000196
- form_type: 8-K
- ticker: CPNG
- cik: 0001834584
- company_name: Coupang, Inc.
- filed_at: 2025-12-16T23:59:59+00:00
- event_type: cyber
- sentiment: negative
- materiality_score: 0.85
- calibrated_materiality_score: 0.85
- confidence: high
- sec_items: 1.05
- EDGAR index: https://www.sec.gov/Archives/edgar/data/1834584/000183458425000196/0001834584-25-000196-index.htm
- EDGAR primary document: https://www.sec.gov/Archives/edgar/data/1834584/000183458425000196/cpng-20251215.htm

## Machine-readable alternates
- HTML: https://secwatch.observer/filing/0001834584-25-000196
- JSON: https://secwatch.observer/filing/0001834584-25-000196.json
- Plain text: https://secwatch.observer/filing/0001834584-25-000196.txt

## Key facts
- Cybersecurity Incidents
  Coupang, Inc. disclosed a cybersecurity incident: Unauthorized access to customer accounts by a former employee, potentially exfiltrating name, phone number, delivery address, email address for up to 33 million accounts and certain order histories. Impact: Operations have not been materially disrupted; potential financial penalties from Korean regulators, and potential material financial losses from loss of revenue, remediation, litigation, etc. Materiality is still being assessed. Discovered 2025-11-18.
  - Nature: Unauthorized access to customer accounts by a former employee, potentially exfiltrating name, phone number, delivery address, email address for up to 33 million accounts and certain order histories.
  - Impact: Operations have not been materially disrupted; potential financial penalties from Korean regulators, and potential material financial losses from loss of revenue, remediation, litigation, etc.
  - Materiality: assessing
  - Discovery: 2025-11-18
  source text: On November 18, 2025, Coupang Corp. (“Coupang Corp.”), a wholly-owned Korean subsidiary of Coupang, Inc. (Coupang Corp., together with Coupang, Inc. (“Coupang, Inc.,” “our,” or “we”) and its subsidiaries and affiliates, “Coupang,”), became aware of a cybersecurity incident involving unauthorized access to customer accounts (the “Incident”).
  evidence_url: https://www.sec.gov/Archives/edgar/data/1834584/000183458425000196/0001834584-25-000196-index.htm

This AI-assisted summary is a reading aid. Review the linked SEC EDGAR filing before relying on any specific claim.