A U.S.-based law firm with Korean ties said it will file a class-action lawsuit in American courts seeking punitive damages from Coupang Inc., the New York-listed parent company of South Korean e-commerce giant Coupang, after a data breach that compromised the information of tens of millions of users.
SJKP, the American affiliate of Seoul-based law firm Daeryun, announced the planned litigation at a press conference in Manhattan on Dec. 8. The suit will target Coupang Inc., which is incorporated in Delaware and traded on the NYSE, as well as its wholly owned Korean operating subsidiary.
The move follows Coupang’s disclosure late last month that personal data from approximately 33.7 million customer accounts—including names, phone numbers, addresses and partial order histories—had been exposed.
“Coupang’s parent is a U.S. corporation, listed in the U.S., and we plan to use the U.S. judicial system to uncover what happened and obtain meaningful compensation,” said Daeryun managing partner Kook-Il Kim.
Mr. Kim stressed that the U.S. action would be distinct from lawsuits already underway in South Korea. Domestic cases, he said, focus primarily on consumer compensation, while the American filing will center on alleged corporate governance failures and possible violations of disclosure obligations by a U.S.-listed company.
He added that about 200 plaintiffs who have joined the Korean suits have also agreed to participate in the U.S. case, with more expected. The class is likely to include not only South Korean victims but also American residents and consumers who used Coupang’s platform.
Tal Hirschberg, an attorney at SJKP, said a core objective will be to demonstrate that key decisions regarding data security and IT infrastructure were made or influenced by Coupang’s U.S. headquarters. “Through the discovery process in the U.S., we will seek to compel the production of all relevant internal documents,” Mr. Hirschberg said.
The firm aims to file the suit by year-end as the plaintiff group expands. Mr. Kim noted that the role of the U.S. parent “cannot be fully uncovered through Korean civil proceedings,” suggesting the American case will scrutinize the relationship between the parent and its Korean unit.
The U.S. legal system’s allowance for punitive damages could significantly raise the financial stakes for Coupang compared with liabilities in South Korea, where such damages are rare. Mr. Kim pointed to major U.S. data-breach settlements as reference points, including T-Mobile’s $350 million agreement in 2022 and Equifax’s up to $700 million settlement in 2019.
“Based on precedents involving serious corporate negligence, we intend to hold Coupang accountable for its governance and risk-management failures,” Mr. Kim said.
The planned lawsuit adds an international dimension to the legal fallout facing Coupang, which continues to dominate South Korea’s e-commerce landscape despite the breach. Several Korean law firms are also preparing domestic class actions, raising the possibility of coordinated cross-border litigation.
