The Science, ICT, Broadcasting, and Communications Committee of the National Assembly plans to request the presence of Coupang's founder and Chairman, Kim Bom-suk, also known as Bom Kim, as the primary witness during a hearing scheduled for December 17th to investigate the significant personal data breach within the company.
The committee endorsed the scheduling of a hearing during a session, concluding that Coupang's replies during the first round of emergency questioning on December 2 were inadequate.
Also Read: SoftBank Sells Nvidia Stake for $5.8 Billion in Surprise Move
Nine witnesses and five expert witnesses will be called to testify during the hearing. Among those scheduled to appear are six executives from Coupang, including CEO Park Dae-jun, former CEO Kang Han-seung who currently leads the company's operations in North America, and Chief Information Security Officer Brett Matthes.
Government officials, such as the Science Minister Bae Kyung-hoon and Korea Internet & Security Agency (KISA) President Lee Sang-joong, have been summoned to provide testimony. Additionally, expert witnesses, including the leader of the Personal Information Protection Commission and cybersecurity experts from academia and industry, have also been called to testify.
The committee has required Coupang and relevant entities to provide 422 documents by the end of the week. In the upcoming hearing, the committee intends to corroborate the details about the breach, evaluate Coupang's actions, and investigate possible legal or procedural transgressions.
Also Read: FTC Chief Says to Narrow Differences in Platform Regulations
The significant data breach of the e-commerce conglomerate, affecting the personal data of 33.7 million users, came to light on November 29. The exposed data contained details such as names, email addresses, phone numbers, shipping information, and purchasing records of almost all customers.
It is believed to have been obtained by a former employee with lingering access to the organization's internal networks.
Last week, the committee delivered a stern reprimand to Coupang regarding their handling of the recent crisis, criticizing the company's crisis response and communication strategies.
The committee pointed out that the company downplayed the severity of the incident by labeling it as a data "exposure" in their official notice instead of acknowledging it as a breach. This lack of transparency and accountability was deemed to diminish the seriousness of the situation.
Coupang revised its language and shared a new customer notice following public criticism. In response to an intensified investigation, the company underwent a search and seizure operation. The Seoul Metropolitan Police Agency's cyber investigation unit visited Coupang's headquarters in Songpa District to gather digital evidence on Monday morning.
The police were already examining server log records and other materials provided voluntarily by Coupang. They intend to analyze the confiscated hard drives and internal documents gathered during the search and seizure to determine if there were any illegal activities or negligence in Coupang's management of customer data.
Also Read: Vietnamese, Bruneian Leaders to Promote Development of Bilateral
Coupang has experienced a significant decrease in users following the security breach. According to IGAWorks, a company that monitors the industry, the number of daily active users dropped to 15.94 million on Saturday, which is a decrease of over 2 million from the previous day's record high of 17.99 million. Many users were logging in to review their accounts, update passwords, or learn how to remove their profiles.