Read the original SEC filing excerpt
Item 1.05. Material Cybersecurity Incidents. On November 18, 2025, Coupang Corp. ("Coupang Corp."), a wholly-owned Korean subsidiary of Coupang, Inc. (Coupang Corp., together with Coupang, Inc. ("Coupang, Inc.," "our," or "we") and its subsidiaries and affiliates, "Coupang,"), became aware of a cybersecurity incident involving unauthorized access to customer accounts (the "Incident"). Upon discovery, Coupang activated its incident response processes, disabled the threat actor's unauthorized access, reported the Incident to the relevant Korean regulatory and law enforcement authorities, and warned customers whose data was potentially accessed. Based on investigative findings, Coupang has determined that a former employee may have obtained the name, phone number, delivery address, and email address associated with up to 33 million customer accounts, and certain order histories for a subset of the impacted accounts. To Coupang's knowledge, the former employee has not publicly disclosed the obtained data. No Coupang customers' banking information, payment card information, or login credentials were obtained or otherwise compromised in the Incident. Coupang is continuing its investigation and has engaged external forensic experts to assist with the investigation. Korean regulators have initiated investigations with which Coupang is fully cooperating. While one or more Korean regulators will potentially impose financial penalties, at this time we cannot reasonably estimate any amount of losses or range of losses that may result from such penalties. Coupang's operations have not been materially disrupted. Coupang remains subject to various risks due to the Incident, including diversion of management's attention and potentially material financial losses resulting from the potential loss of revenue and potential higher expenses, including from remediation, regulatory penalties, and litigation. The former chief executive officer of Coupang Corp., our Korean subsidiary, resigned on December 10, 2025.