Personal Data Breach Becomes a Trade Variable as Political Fallout Over Coupang Spills Into Washington

Security concerns overshadowed by political confrontation
U.S. seen laying groundwork for potential tariff action
Possible counter-legislation framed as protection of domestic firms

Debate surrounding the illegal access to customer data by a former Coupang employee has expanded beyond domestic political disputes in Korea to draw scrutiny from the U.S. Congress, heightening attention on the case. Coupang’s management has maintained that there is no evidence of external leakage or misuse of sensitive information. Yet controversy over regulatory fairness and the intensity of government investigations during parliamentary proceedings has complicated the issue. With the matter now linked to congressional testimony in the United States and potential trade implications, what began as a corporate security incident is increasingly taking on the character of an international political variable.

Regulatory Pressure Takes Center Stage, Core Issue Recedes

Harold Rogers, interim CEO of Coupang Korea, attended a conference call held after the close of the U.S. stock market on the 26th and provided investors with an update on the personal data incident and its subsequent developments. Rogers acknowledged that “last year, a former Coupang employee illegally accessed more than 33 million user accounts and stored information from approximately 3,000 Korean user accounts and one Taiwanese account.” He emphasized, however, that “there is no evidence that anyone else viewed the information, and no instances of customer data misuse have been identified.”

Coupang characterized the episode not as an external cyberattack but as misconduct by an internal employee. Rogers described it as “a crime committed by a former employee against Coupang and its customers,” adding that the company is urging the maximum penalties permitted by law. The information accessed consisted primarily of basic contact data, including names, email addresses, phone numbers, delivery addresses, and partial order histories. There was no confirmed access to financial information, passwords, or resident registration numbers. Although 2,609 shared residential building entry codes were included, the company stated that no other high-risk data exposure was identified.

Post-incident measures focused on engagement with external specialists. Coupang commissioned forensic investigations by U.S. cybersecurity firms Mandiant and Palo Alto Networks. Their findings aligned with the company’s assessment that information from roughly 3,000 Korean accounts and one Taiwanese account had been stored and later deleted. All devices used in the incident were recovered, and monitoring of dark web and deep web channels revealed no evidence of distribution or misuse. Rogers added that the Korean National Police Agency and a joint public-private government task force likewise found no evidence of secondary harm.

Industry observers noted that the focus of debate has shifted from technical remediation to political confrontation. During National Assembly questioning, disputes over corporate responsibility intensified, while discussion of systemic security improvements receded. Some critics argued that although the core of data breach response lies in strengthening preventive systems and internal controls, political pressure has distorted the direction of the debate. Coupang Inc. Chairman Kim Bom stated that the company would reinforce security systems to secure long-term success and continue cooperating with government investigations while implementing additional improvements.

“Discrimination Against a U.S. Company,” Trade Act Section 301 in Focus

On the 23rd (local time), the U.S. House Judiciary Committee summoned Rogers for closed-door testimony. The Subcommittee on the Administrative State, Regulatory Reform, and Antitrust sought documents and testimony to examine whether the Korean government’s enforcement actions treated Coupang, a U.S.-based company, in a discriminatory manner. The seven-hour session took place outside a formal public hearing, with committee counsel probing factual details. Recorded testimony may serve as a reference point for future legislative initiatives or trade policy formulation.

U.S. lawmakers described Korea’s regulatory actions as “aggressive targeting” of American technology leaders. House Judiciary Chairman Jim Jordan and Subcommittee Chairman Scott Fitzgerald argued in a subpoena that Korea had unfairly singled out Coupang despite recent trade agreements. Vice President JD Vance also raised the matter during a meeting with Korea’s prime minister, stating that data breach–related sanctions should be managed carefully to prevent misunderstandings from escalating between the two countries. His remarks underscored the political weight the issue has acquired.

Observers point to intensified lobbying efforts in Washington as a key factor behind congressional intervention. The nonprofit watchdog OpenSecrets estimated that Coupang’s lobbying expenditures rose from $940,000 in 2021 to $2.27 million in 2025. Through its political action committee, COUPAC, the company contributed between $5,000 and $10,000 to lawmakers including Suzan DelBene, Carol Miller, Adrian Smith, and Darrell Issa. Notably, Chairman Jordan was reportedly among the lobbying targets, suggesting that Coupang’s position has been conveyed directly to influential figures within Congress.

Within the United States, some interpret congressional activity as laying strategic groundwork for invoking Section 301 of the Trade Act. As the Trump administration has signaled its intention to deploy Section 301 to impose global tariffs, testimony and documentation collected by Congress could serve as evidence in trade pressure against Korea. GreenOaks and Altimeter Capital, major investors in Coupang, have petitioned the Office of the U.S. Trade Representative (USTR) to investigate the Korean government’s actions and consider appropriate trade remedies, including retaliatory tariffs. When asked whether Rogers’ testimony might be used in a Section 301 investigation, a Judiciary Committee spokesperson replied, “That is unknown,” leaving the possibility open.

Expanding Into a Political Flashpoint

As a dispute that began as a corporate matter is reframed within congressional discourse as a policy issue, the Coupang case is increasingly viewed through a political lens. Section 301 of the U.S. Trade Act allows the imposition of tariffs without statutory rate limits in response to unfair trade practices, and it has previously been invoked in the 1980s U.S.-Japan semiconductor negotiations and in recent measures against China. France also faced potential Section 301 retaliation in 2024 over its digital tax initiative. The pathway by which a specific corporate case becomes linked to broader trade enforcement tools is therefore well established.

Attention is now focused on the potential linkage between congressional inquiries and executive branch trade policy. After the U.S. Supreme Court ruled that President Donald Trump’s reciprocal tariff measures under the International Emergency Economic Powers Act (IEEPA) were unlawful, USTR stated that Section 301 investigations could encompass “most major trading partners,” adding that the scope includes “unreasonable, discriminatory, and burdensome acts.” The language mirrors arguments raised by Coupang, reinforcing speculation about policy convergence.

At the same time, some members of Congress have floated proposals to institutionalize mechanisms protecting U.S. firms operating under foreign regulatory regimes. Discussions have included strengthening non-discrimination obligations on foreign governments or mandating congressional reporting in cases of trade disputes. Such legislative initiatives would both counter overseas regulatory actions highlighted in the Coupang case and bolster the administration’s use of assertive trade tools such as Section 301. Even absent immediate enactment, the debate itself conveys a forceful political message that U.S. trade interests will be defended.