The lawsuit was filed in California and alleges that the eCommerce company, which is operates globally and is South Korea’s biggest online retailer, misled investors about its data security practices and failed to disclose the breach in a timely manner, Reuters reported Monday (Dec. 22).
The suit alleges that in U.S. regulatory filings, Coupang understated its vulnerability to cyberattacks and overstated its safeguards, according to the release.
Coupang did not immediately reply to PYMNTS’ request for comment.
It was reported in November that the data breach at Coupang exposed personal information of nearly 34 million customers.
The company revealed the breach on Nov. 29, saying that the unauthorized access to customer information appeared to have begun in June via overseas servers and that all the accounts affected by the breach were in Korea.
Coupang added that it became aware of the breach on Nov. 18 and reported the incident to authorities.
The company said the exposed data was limited to customers’ names, email addresses, phone numbers, shipping addresses and some order histories, and did not include login information or payment details.
In a Dec. 15 filing with the Securities and Exchange Commission (SEC), Coupang said it found that a former employee may have obtained the data and that to the company’s knowledge, the former employee had not publicly disclosed the data.
The company added that the former CEO of its Korean subsidiary, Coupang Corp., resigned on Dec. 10.
“Coupang’s operations have not been materially disrupted,” the company said in the filing. “Coupang remains subject to various risks due to the incident, including diversion of management’s attention and potentially material financial losses resulting from the potential loss of revenue and potential higher expenses, including from remediation, regulatory penalties and litigation.”
In another, separate development around cybersecurity, it was reported Dec. 1 that a California resident sued artificial intelligence startup OpenAI and data analytics provider Mixpanel after they disclosed a data breach in November. The suit alleged that the companies violated their duty to safeguard user data.
