Imagine waking up to the news that a massive data breach has exposed the personal information of over 33 million customers, and the company involved may have delayed telling anyone about it. That's exactly what happened with Coupang (CPNG), and now investors are fighting back.
A securities class action lawsuit, Barry v. Coupang, Inc., et al., No. 5:25-cv-10795 (N.D. Cal.), has been filed on behalf of investors who purchased Coupang securities between August 6, 2025, and December 16, 2025. But here's where it gets controversial: the lawsuit alleges that Coupang not only failed to protect customer data but also may have misled investors about the strength of its cybersecurity measures and the timing of its disclosures. Did Coupang prioritize its reputation over transparency? That's the question at the heart of this case.
Coupang, a global powerhouse offering retail, food delivery, video streaming, and fintech services under brands like Coupang, Coupang Eats, Rocket Now, and Farfetch, has long touted its mission to revolutionize everyday life. The company has repeatedly assured investors that its cybersecurity protocols, including encryption and authentication technology, are robust enough to safeguard sensitive information. But the recent data breach—attributed to a former employee who allegedly retained access credentials—has cast serious doubt on those claims.
And this is the part most people miss: The lawsuit isn't just about the breach itself; it's also about whether Coupang's disclosure controls were adequate. According to the complaint, Coupang first detected the breach on November 18, 2025, but didn't publicly acknowledge it until November 30, 2025, when Reuters broke the story. The company's interim report on December 16, 2025, confirmed the breach and warned of potential financial losses, including regulatory penalties. By then, Coupang's market capitalization had plummeted by over $8 billion.
Hagens Berman, a leading national shareholders' rights firm, is spearheading the investigation. Reed Kathrein, the partner leading the case, stated, 'We're focused on when Coupang determined the breach was material and whether the company reported it in a timely manner, as required by the SEC.' Investors who suffered substantial losses are urged to submit their claims, and individuals with insider knowledge are encouraged to come forward.
Here’s the controversial question: Did Coupang's leadership act responsibly, or did they prioritize damage control over investor transparency? The resignation of the CEO of Coupang's South Korean e-commerce unit amid the fallout adds another layer of intrigue. South Korean authorities have also launched investigations, raising concerns about potential regulatory violations.
If you invested in Coupang during the class period and experienced significant losses, or if you have information that could aid the investigation, visit www.hbsslaw.com/investor-fraud/cpng or contact Hagens Berman at 844-916-0895. Whistleblowers with non-public information may also be eligible for rewards under the SEC Whistleblower program, potentially receiving up to 30% of any successful recovery.
Hagens Berman is renowned for its work in corporate accountability, having secured over $2.9 billion for clients harmed by corporate negligence. For more information, visit hbsslaw.com or follow them on Twitter @ClassActionLaw.
What do you think? Did Coupang drop the ball on cybersecurity and transparency, or is this just a case of bad luck compounded by external pressures? Share your thoughts in the comments—we want to hear from you!
