Coupang Faces $5 Million Class-Action Lawsuit Over Data Breach
Severity: Medium (Score: 48.9)
Sources: Upi
Published: · Updated:
Keywords: coupang, data, breach, lawsuit, move, ahead, court
Severity indicators: breach, data breach
Summary
A $5 million class-action lawsuit against Coupang is set to proceed in the U.S. District Court for the Eastern District of New York. The lawsuit, filed in February, involves over 7,800 affected users, including U.S. citizens Cheol Hee Lee and Sebastian Park. Plaintiffs allege that Coupang's chairman, Bom Kim, failed to adequately protect customer data and manage cybersecurity systems. The court will hold an initial conference on June 17 to establish a timetable for discovery. The plaintiffs seek damages for the breach, which has raised significant concerns about data security practices. Coupang has retained Kirkland & Ellis to respond to the lawsuit. The case will also address whether class certification will be granted, allowing claims to be handled collectively. The discovery phase will begin following the initial conference, with a deadline for the defendant to file an answer by July 6. Key Points: • Coupang is facing a $5 million class-action lawsuit in the U.S. over a data breach. • The lawsuit involves over 7,800 affected users, including U.S. citizens. • The court's initial conference is scheduled for June 17 to set the discovery timetable.
Detailed Analysis
**Impact** The lawsuit affects over 7,800 Coupang users primarily in South Korea, along with U.S. citizens who are named plaintiffs. The plaintiffs seek $5 million in damages, alleging failure to protect personal data and inadequate cybersecurity management. The case could expand to include thousands more if class certification is granted, potentially increasing Coupang’s liability significantly. The breach involves personal customer information managed by Coupang, impacting e-commerce sector users across South Korea and the U.S. **Technical Details** The articles do not provide specific technical details on the attack vector, TTPs, malware, exploited CVEs, or infrastructure used in the breach. There are no indicators of compromise (IOCs) mentioned. The focus is on legal proceedings rather than the technical nature of the breach. **Recommended Response** No specific technical response actions are detailed in the articles. Defenders should monitor for updates on the discovery process that may reveal internal cybersecurity response records and data management practices. Organizations should review and strengthen cybersecurity policies and incident response documentation in anticipation of similar litigation risks.
Source articles (2)
- Coupang data breach lawsuit to move ahead in U.S. court — Upi · 2026-05-29
May 28 (Asia Today) -- A $5 million class-action lawsuit filed in the United States over Coupang's personal data breach is expected to move into a key procedural phase in mid-June. The U.S. District C… - Coupang data breach lawsuit to move ahead in U.S. court — Upi · 2026-05-29
May 28 (Asia Today) -- A $5 million class-action lawsuit filed in the United States over Coupang's personal data breach is expected to move into a key procedural phase in mid-June. The U.S. District C…
Timeline
- 2026-02-01 — Lawsuit filed against Coupang: SJKP filed a class-action lawsuit in the U.S. against Coupang and its chairman for failing to protect customer data.
- 2026-05-28 — Initial conference scheduled: The U.S. District Court will hold an initial conference on June 17 to discuss discovery and proceedings.
- 2026-07-06 — Defendant's response deadline: Coupang has until July 6 to file an answer to the lawsuit, with possible extensions for a motion to dismiss.
Related entities
- Data Breach (Attack Type)
- South Korea (Country)
- United States (Country)