CEO Resigned After Data Breach at Major South Korean Online Retailer

Coupang Corp., a leading South Korean online retailer, experienced a significant leadership change following a data breach that affected nearly 34 million customers. Lim Hui Jie, reporting on CNBC, notes that CEO Park Dae-jun stepped down three weeks after the incident came to light. He cited personal responsibility for the breach and the subsequent recovery process.

His resignation reflects organizational accountability and South Korea’s growing scrutiny of corporate governance practices in the wake of cybersecurity failures.

Park’s tenure at Coupang began in 2012. He assumed sole CEO responsibilities after the company moved away from a dual-CEO structure. Under his leadership, Coupang expanded its business operations, developed regional infrastructure, and supported small and medium enterprises through innovative sales channels.

Systemic cybersecurity challenges, possibly influenced by cost-efficiency priorities in South Korean corporations, may have contributed to vulnerabilities that enabled the breach. 

Similar breaches have occurred in South Korea’s technology sector, including incidents at SK Telecom and the 2011 cyberattack on Nate and Cyworld. These indicate persistent risks in the national digital ecosystem.

Following Park’s departure, Coupang appointed General Counsel and Chief Administrative Officer Harold Rogers as interim CEO. Rogers’ immediate focus, according to company statements, is to alleviate customer concerns and stabilize operations while managing the breach response.

The incident illustrates the reputational consequences of cyber incidents for high-profile technology firms and demonstrates the direct accountability that can fall on top executives.

Lawyers reviewing this situation will consider the implications for corporate governance, data breach liability, and regulatory compliance. Organizations must assess internal controls, disclosure obligations, and executive accountability measures. 

Dae-jun’s resignation demonstrates the importance of integrating cybersecurity risk management into executive oversight and contingency planning, as well as monitoring potential legal exposure arising from customer data compromises.