[Weekly Kyunghyang] “Coupang’s crisis-response approach is completely different from other major Korean conglomerates. There are reasons for it, but it’s hard to accept within Korean sensibilities.” (Former Coupang employee A)

Three days, fifteen days, two months…. That’s how long it took after large-scale personal data breaches came to light for the top decision-makers or effective controlling shareholders of KT, SK Telecom, and Lotte Card to issue public apologies.

KT’s CEO Kim Young-sub bowed his head on September 11, two days after disclosing unauthorized small-sum payment damages. The SK Telecom customer SIM data leak was disclosed on April 22, and SK Group Chairman Chey Tae-won formally apologized on May 7. Regarding the Lotte Card personal credit information leak, CEO Cho Jwa-jin apologized on September 18, and two months later, on October 14, Kim Byung-ju, chairman of majority shareholder MBK Partners, lowered his head saying, “We apologize for causing concern to the public.”

What about Coupang, whose leak affected 33.7 million people and is being called “unprecedented”? Kim Beom-seok, chair of the Coupang Inc. board who effectively controls the company, has not apologized. There has been no statement, and he does not appear even when the National Assembly summons him as a witness. Park Dae-joon, who had said, “What happened at the Korean entity is my responsibility,” resigned on December 10.

Of course, the other companies’ responses were not without problems. SK Telecom initially showed a lukewarm attitude toward SIM replacements, and replacements were delayed as SIMs were not procured in time. KT was slow to respond, failing to report a malware infection to authorities despite being aware. Lotte Card recognized the hacking belatedly and faced criticism that its compensation plan was inadequate. Above all, all three failed to exercise utmost care in security while handling customer data. Corporate apologies changed nothing. An apology is only the starting line for acknowledging wrongdoing. Still, there was value in holding press conferences and having the top executive apologize, signaling to consumers how seriously the company viewed the issue, what the current status was, and how actively it would respond.

Coupang was on a different plane. It was hard to feel that the company grasped the gravity of the situation. In its first notice of the incident, Coupang said personal information was “exposed without authorization.” The apology on the website’s landing page was replaced by a Christmas Big Sale ad two days later, and it took four days to comply with the Personal Information Protection Commission’s order to correct “exposed” to “leaked.” The company also did not proactively hold press conferences or briefings to share the situation.

This is why, during the National Assembly’s emergency inquiry into the Coupang data leak, lawmakers repeatedly characterized it as “a company that makes light of the people” and “one that looks down on the Korean government.”

Why does Coupang behave this way? A closer look is needed. Observers point to a mix of factors: it does business in Korea but is effectively an American company; it reacts more sensitively to legal or administrative liability than to public opinion or sentiment; and it is confident there are few true substitutes.

On December 2, the National Assembly held an emergency inquiry into the Coupang data leak. Coupang CEO Park Dae-joon and others appeared as witnesses, but they largely dodged questions about the cause by saying it was “under investigation” or that they “did not know.” Frustrated with the repeated answers, one lawmaker reproached them, saying, “You’re trying to get out of this by using the police (investigation) as an excuse. Police investigations determine whether a crime occurred” (Rep. Choi Min-hee of the Democratic Party of Korea).

Former Coupang employees tie this to the company’s American DNA. A said, “Isn’t the U.S. a country where even breaking a pencil sends you to court with a lawyer? There, if a company apologizes before establishing my clear responsibility, it’s taken as acknowledging (legal) liability. That’s where Coupang differs culturally from Korean companies that apologize first. Coupang’s top management is American, and its corporate structure is closer to a U.S. company.”

Former employee B also said, “Coupang wasn’t in a ‘we’re just here to make money in Korea’ mindset. But its mindset was different from domestic firms. I didn’t get the sense it placed much importance on public opinion or sentiment. Instead, ‘as long as nothing is legally wrong’ mattered more.” In other words, the company’s crisis-management top priority is aligned with “legal liability.” In fact, Coupang employs many lawyers. Not only is its legal organization large, but in-house attorneys are reportedly deployed in each business unit to conduct ongoing legal reviews of their work.

The same posture has carried over even in the worst customer data leak. With Park Dae-joon’s resignation, Harold Rogers, Coupang Inc.’s Chief Administrative Officer and General Counsel, was named interim head of Coupang. Rogers is a U.S. attorney trained at Harvard Law School who oversaw legal and crisis management at the U.S. headquarters.

Some also see the roots of Coupang’s sluggish response in its corporate governance. A National Assembly aide who has long worked on issues such as labor conditions for Coupang warehouse and delivery workers said, “Coupang CLS (Coupang’s delivery subsidiary) and Coupang CFS (Coupang’s logistics subsidiary) are separate legal entities from Coupang. Yet in discussions, they feel subordinated to Coupang headquarters. It doesn’t seem like decisions are made autonomously. Then the question is whether Coupang headquarters operates independentlybut that also desn’t seem to be the case. From the Assembly’s vantage point, it doesn’t feel tangible.” Another aide added, “From what GR staff say, major decisions appear to be reported to the U.S. They say they need confirmation from the holding company.”

Although Park told the Assembly, “This matter occurred at the Korean entity and is entirely my responsibility,” the suggestion is that major decisions are handed down through U.S. parent Coupang Inc. In 2021, Coupang Inc. Chair Kim Beom-seok stepped down as chair and registered director of the Korean entity, formally severing his tie to it. But the Korean entity is 100% owned by U.S. parent Coupang Inc., and Kim is the largest shareholder with 74% of voting rights at Coupang Inc. Indeed, Park gave notably vague answers to questions about Kim during the Assembly session. He said he was “reporting what is happening here to the board,” and that he had “directly communicated with Mr. Kim” after the incidentyet he also said he had “not yet heard” how Kim intended to resolve it. This is why some interpret Kim as being behind the passive response.

A former Coupang employee said that even without Kim’s direct intervention, the founder’s corporate culture still operates within the company. Coupang was criticized during the Assembly’s inquiry for failing to submit most requested materials. For example, it did not submit documents or regulations related to its internal security system and consistently claimed not to know the scale of sales in Taiwan and Japan. Retiree B said, “Whenever we tried to provide data like year-over-year sales externally, Kim Beom-seok would often say something to the effect of, ‘Why should we disclose that? Amazon doesn’t do that.’ That attitude continues.”

“When we applied to call CEO Kang Han-seung (former co-CEO of Coupang’s Korean entity; now head of North America business development at Coupang Inc.) as a witness, I got a lot of calls from various places. Please cancel, please delay.” (Rep. Song Jae-ho of the Democratic Party, at the National Assembly’s National Policy Committee audit in October 2021)

“There were many difficulties in applying to summon CEO Park Dae-joon as a witness for the audit. People around us asked if we could withdraw the request. The company directly sought our understanding, too.” (Rep. Park Sang-woong of the People Power Party, at the Trade, Industry, Energy, SMEs, and Startups Committee audit in October)

“In the case of Coupang Chair Kim Beom-seok, AMCHAM (the American Chamber of Commerce in Korea) even sent a somewhat threatening text message to my office. With the nuance of asking whether the National Assembly could summon him since he is a U.S. citizen.” (Rep. Yoon Han-hong of the People Power Party, at the National Policy Committee audit in October)

Even lawmakers struggled to put Coupang’s leadership on the witness stand. Kim Beom-seok has been adopted as a National Assembly witness several times, but he has never once appeared. In 2016, he was adopted and then dropped from the list. Often he is not adopted at all. For example, ahead of the 2023 parliamentary audit, after a Coupang delivery worker died, multiple lawmakers repeatedly proposed summoning Kim as a witness. In the end, however, citing his U.S. address, the bipartisan secretaries agreed not to call him and instead to summon Hong Yong-jun, head of Coupang CLS.

If one pillar of Coupang’s crisis management is “legal-driven management,” another is government affairs aimed at advancing its interests with the executive and legislative branches. Because deaths at logistics centers and fair-trade disputes with marketplace sellers have been continuous, Coupang’s leadership has been a regular at annual parliamentary audits. To respond, Coupang hired former National Assembly aides and others to handle government affairs. According to an investigation by the Kyunghyang Shinmun Digital Journalism Team, through September of this year Coupang hired 18 retired public officials, 9 of whom were from the National Assembly. As confirmed by Park Dae-joon at the Assembly, Coupang has around 50 government affairs staff handling the National Assembly and government organizations.

A Democratic Party aide said, “Both parties require management, so aides from both sides go. Coupang relies on sheer force of numbers. They recruited a lot this year. The front line actively defending Coupang’s position is its government affairs team.” A former aide said, “When our office held a forum on Coupang or released materials, acquaintances in political circles contacted us saying, ‘Coupang reached out asking if they could obtain the materials.’ I realized how extensively they were working the field.”

Coupang’s government-affairs-centric management has also drawn criticism for focusing on containing the spread of problems rather than solving their essence. A Democratic Party aide said, “I don’t think having many GR staff is the problem. It’s how they’re used. GR should hear the views of the National Assembly, civil society, and labor unions, convey them, and influence the company to fulfill its social responsibility. Instead, they merely run errands, offer explanations, and act as shields. As Coupang expanded its business with so many GR staff, how much of the Assembly’s, the government’s, civil society’s, and small merchants’ opinions were reflected?”

Despite the massive breach, global investment bank J.P. Morgan projected that “customer attrition at Coupang will be limited.” The view was that, in Korea where there are few substitutes, it would be hard for customers to leave. However, as of December 5, Coupang’s user count had declined by about 1.8 million, beyond expectations. This reflects accumulated distrust stemming from Coupang’s stance each time issues arose. The National Assembly will hold a Coupang hearing on December 17. Will Kim appear on the witness stand? Can Coupang regain even a bit of Korean consumers’ trust?