Coupang (NYSE: CPNG) outlines cyber breach impact and KRW 1.685T vouchers

Rhea-AI Filing Summary

Coupang, Inc. provided an update on the cybersecurity incident at its Korean subsidiary. The company reports that the perpetrator has been identified, is cooperating with investigators, has turned over all devices used, and that while approximately 33 million accounts were accessed, data was saved from about 3,000 customer accounts and has since been deleted without being shared with third parties.

Coupang’s Korean unit announced a customer compensation program totaling approximately 1.685 trillion won (about $1.2 billion) in vouchers, to be issued starting January 15, 2026, to affected customers notified at the end of November 2025. These vouchers will reduce the selling price and revenue recognized on each related transaction. The investigation into the incident remains ongoing, and the company notes potential legal, reputational, and financial impacts.

Positive

• None.

Negative

• Large compensation cost and revenue impact: Coupang’s Korean subsidiary plans to issue about 1.685 trillion won (approximately $1.2 billion) in vouchers, which will reduce selling prices and recognized revenue on future transactions.
• Ongoing uncertainty from cyber incident: The investigation continues, and the company notes potential legal, reputational, and financial harm, including possible regulatory penalties, litigation, and additional remediation expenses.

Insights

Equity analyst

Large cyber incident compensation creates potential material financial and reputational impact.

Coupang reports that about 33 million accounts were accessed in a cybersecurity incident at its Korean subsidiary, but data from only about 3,000 customer accounts was saved and has been deleted without being shared with third parties. The perpetrator has been identified, is cooperating, and has surrendered all devices, which may help contain further misuse of data.

The company’s Korean unit plans a substantial customer compensation program of approximately 1.685 trillion won (about $1.2 billion) in vouchers for affected customers, starting on January 15, 2026. Accounting-wise, these vouchers will be treated as reductions to selling price and revenue on each related transaction, which could weigh on reported revenue metrics over the period in which they are redeemed.

Coupang highlights that the investigation is ongoing and that the incident could result in legal, reputational, and financial harm, including possible regulatory penalties, litigation outcomes, and higher expenses related to remediation and customer compensation. The ultimate impact will depend on findings from the continuing investigation and how customers, regulators, and other stakeholders respond over time.

0001834584TRUEcpng:accountcpng:numberOfCustomersiso4217:KRWiso4217:USD00018345842025-12-152025-12-15

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

FORM 8-K/A

(Amendment No. 1)

CURRENT REPORT

Pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934

December 15, 2025

Date of Report

(Date of earliest event reported)

COUPANG, INC.

(Exact name of registrant as specified in its charter)

Delaware

001-40115

27-2810505

(State or other jurisdiction of incorporation or organization)

(Commission File Number)

(I.R.S. Employer Identification Number)

720 Olive Way, Suite 600

Seattle, Washington 98101

(Address of principal executive offices, including zip code)

(206) 333-3839

(Registrant’s telephone number, including area code)

Not Applicable

(Former name or former address, if changed since last report)

Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions:

☐ Written communications pursuant to Rule 425 under the Securities Act (17 CFR 230.425)

☐ Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CFR 240.14a-12)

☐ Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CFR 240.14d-2(b))

☐ Pre-commencement communications pursuant to Rule 13e-4(c) under the Exchange Act (17 CFR 240.13e-4(c))

Securities registered pursuant to Section 12(b) of the Act:

Title of Each Class

Trading Symbol(s)

Name of Each Exchange on Which Registered

Class A Common Stock, par value $0.0001 per share

CPNG

New York Stock Exchange

Indicate by check mark whether the registrant is an emerging growth company as defined in Rule 405 of the Securities Act of 1933 (17 CFR §230.405) or Rule 12b-2 of the Securities Exchange Act of 1934 (17 CFR §240.12b-2).

Emerging growth company ☐

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐

Item 1.05. Material Cybersecurity Incidents.

On December 24, 2025 (PST) and December 28, 2025 (PST), Coupang Corp., a wholly-owned Korean subsidiary (“Coupang Corp.”) of Coupang, Inc. (“Coupang, Inc.,” “our,” or “we”) (Coupang Corp., together with Coupang, Inc. and its subsidiaries and affiliates, “Coupang,”), issued updates (collectively, the “Updates”) on the cybersecurity incident (the “Incident”) disclosed in the Current Report on Form 8-K filed by Coupang, Inc. with the U.S. Securities and Exchange Commission (the “SEC”) on December 16, 2025. The Updates provided, in part, that the perpetrator of the Incident has been identified, is cooperating with Coupang and investigators, and has turned over all devices used in the Incident. Further, the investigation to date indicates that while approximately 33 million accounts were accessed, the perpetrator only saved limited data from approximately 3,000 customer accounts, and such customer data has been deleted without having been shared with a third party. In addition, Coupang Corp. announced a customer compensation program to issue approximately 1.685 trillion won (approximately $1.2 billion) worth of vouchers, starting January 15, 2026, to customers who were notified of the Incident at the end of November 2025 that may be applied towards future Coupang purchases. These vouchers will be reflected as reductions to the selling price and revenue recognized on each corresponding transaction.

Item 7.01. Regulation FD Disclosure.

The investigation regarding the Incident is ongoing. Copies of the Updates are furnished as Exhibit 99.1 to this Current Report on Form 8-K/A. In addition, as part of our ongoing commitment to transparency to our investors, customers, and other stakeholders, we may provide additional updates regarding the Incident and relevant developments at: https://www.aboutcoupang.com or https://news.coupang.com.

In accordance with General Instruction B.2 of Form 8-K, the information in this Item 7.01 and Exhibit 99.1 shall not be deemed to be “filed” for purposes of Section 18 of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), or otherwise subject to the liability of that section, and shall not be incorporated by reference into any registration statement or other document filed under the Securities Act of 1933, as amended, or the Exchange Act, except as shall be expressly set forth by specific reference in such filing.

The information that can be accessed through hyperlinks or website addresses included in this Current Report on Form 8-K/A is deemed not to be incorporated in or part of this report.

Forward-Looking Statements

This Current Report on Form 8-K/A contains “forward-looking statements” within the meaning of the “safe harbor” provisions of the Private Securities Litigation Reform Act of 1995, including but not limited to, express or implied statements regarding our expectations regarding our ability to assess the Incident and its impact on Coupang, its customers, operations, and financial results. In some cases, you can identify forward-looking statements because they contain words such as "anticipate," "believe," "contemplate," "continue," "could," "estimate," "expect," "intend," "may," "plan," "potential," "predict," "project," "should," "target," "toward," "will," "shall," "remains," "goal," "objective," "seek," "strategy," "transform," "restore," "future," "opportunity," "runway," “trajectory," or "would," and the negative of these words or other similar terms or expressions. Such forward-looking statements include, but are not limited to, statements regarding the nature and scope of the Incident, the ongoing investigations regarding the Incident, the impact of the Incident on Coupang, its customers, operations, and financial results, and the customer compensation program and its accounting treatment. Actual results and outcomes could differ materially for a variety of reasons, including, among others, Coupang’s ongoing assessment of the impacts of the Incident, including the potential discovery of additional information related to the Incident; Coupang’s expectations regarding its ability to contain and remediate the Incident; the magnitude of the potential disruption to Coupang’s business and operations; the impact of the Incident on Coupang’s relationships with customers, employees, merchants, suppliers, advertisers, investors, regulators and governmental authorities; legal, reputational, and financial harm that may result from the Incident, including financial penalties and litigation awards or settlements that may arise from regulatory investigations or litigation in connection with the Incident; distraction of management or other diversion of resources from business operations caused by the Incident; and the potentially material financial impact of the potential loss of revenue and potential higher expenses, including from remediation, regulatory penalties, litigation, customer compensation, or other additional expenses that may be incurred or borne by Coupang in connection with the Incident. Coupang is also subject to other risks and uncertainties. For additional information on other potential risks and uncertainties that could affect Coupang, please see our most recent Annual Report on Form 10-K and subsequent SEC filings. All forward-looking statements in this report are based on information available to Coupang and assumptions and beliefs as of the date hereof, and Coupang disclaims any obligation to update any forward-looking statements, except as required by law. You should not place undue reliance on our forward-looking statements.

Item 9.01 Financial Statements and Exhibits.

(d) Exhibits.

Exhibit Number						Description of Exhibit
99.1						Updates on Coupang Corp. (Korean Subsidiary) Cybersecurity Incident
104						Cover Page Interactive Data File (formatted as inline XBRL and contained in Exhibit 101)

SIGNATURES

Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.

COUPANG, INC.
By:			/s/ Harold L. Rogers
Name:			Harold L. Rogers
Title:			General Counsel and Chief Administrative Officer

Dated: December 29, 2025

FAQ

What cybersecurity incident did Coupang (CPNG) report in this update?

Coupang reported that its Korean subsidiary experienced a cybersecurity incident in which approximately 33 million accounts were accessed. The company states that the perpetrator has been identified, is cooperating with investigators, and has turned over all devices used in the incident.

How much customer data was saved in the Coupang (CPNG) cyber incident?

According to Coupang, while about 33 million accounts were accessed, the perpetrator only saved limited data from approximately 3,000 customer accounts, and this data has been deleted without being shared with any third party.

What compensation is Coupang (CPNG) offering customers affected by the incident?

Coupang’s Korean subsidiary announced a customer compensation program to issue approximately 1.685 trillion won (about $1.2 billion) in vouchers to customers who were notified of the incident at the end of November 2025, starting on January 15, 2026.

How will the Coupang (CPNG) vouchers be accounted for in its financial statements?

Coupang states that the vouchers will be reflected as reductions to the selling price and revenue recognized on each corresponding transaction where they are used.

Is the investigation into the Coupang (CPNG) cyber incident complete?

No. Coupang indicates that the investigation into the cybersecurity incident is ongoing and that it may continue to provide further updates on its websites aboutcoupang.com and news.coupang.com.

What potential risks does Coupang (CPNG) highlight from the cyber incident?

Coupang notes that the incident could lead to legal, reputational, and financial harm, including possible regulatory investigations, penalties, litigation outcomes, business disruption, customer compensation costs, and other additional expenses.