Reasons why an American law firm filed a class action lawsuit against Kim Beom-seok... “Coupang’s security budget was saved”

Law Firm Daeryun/SJKP Files Complaint in New York
“Kim Beom-seok, the person in actual control of security budget and policy”

In relation to Coupang's large-scale customer information leak, a class action lawsuit was filed against not only the U.S. headquarters (Coupang Inc.) but also Chairman Kim Beom-seok.

According to the legal community on the 11th, Daeryun Law Firm's American partner law firm SJKP filed a class action lawsuit in New York on the 6th (local time) with Coupang Inc. and Chairman Kim Beom-seok as co-defendants. This lawsuit seeks responsibility for a data leak that occurred in November 2025, and the compensation claim is more than $5 million (about 7.3 billion won).

SJKP explained that the reason for designating Chairman Kim as a defendant was "not because of his position as CEO, but because he exercised actual control and decision-making authority over data security budget and policies." This is based on the legal judgment that under U.S. federal law, if a corporate illegal act occurs due to management's approval or gross negligence in management, individual executives can also be held liable.

The complaint stated that the reasons for Chairman Kim's liability were ▲Negligence, ▲Negligence Per Se, ▲Unjust Enrichment, ▲Violation of New York State Corporation Law, and ▲Breach of Implied Contract.

SJKP American lawyer Son Dong-hoo argued, "Chairman Kim neglected the establishment of a security system even though he had an obligation to protect customer information as the final decision-maker of security policy," and added, "The fact that he violated consumer protection and personal information protection laws is itself recognized as negligence." He added, "We tried to maximize the company's short-term profits by reducing the budget that should have been used to build security infrastructure out of the profits, and we judged that Chairman Kim was involved in this process and took unfair advantage."
 

“We need to set a precedent of holding CEO accountable.”

The plaintiffs in this lawsuit include New York City residents and U.S. citizens as lead plaintiffs, and all U.S. residents who suffered information leaks are included as class members. Victims residing in Korea were established as a separate subclass.

Regarding the classification of Korean victims into a lower group, Attorney Son explained, "It is not for compensation discrimination, but a device to procedurally protect the rights of groups with different places of residence and applicable laws. According to U.S. precedents, subgroups often receive substantially equal compensation as the representative plaintiff. There is no need to worry about disadvantage because the court reviews the reasonableness of the compensation proposal."

SJKP emphasized that the purpose of this lawsuit is structural change in the company beyond financial compensation. Attorney Son said, "The goal is to bring about practical system changes, such as providing financial compensation to victims as well as providing long-term risk monitoring services, especially strengthening protection for minors and the elderly."

He continued, “The purpose of this lawsuit is to set a precedent that CEOs can take personal responsibility for security incidents so that companies recognize personal information protection as a matter of survival rather than cost reduction.”
 

Reporter Hwang Jeong-won (garden@sidae.com)

[View full article]
The reason why an American law firm filed a class action lawsuit against Kim Beom-seok... “Coupang saved its security budget” (Shortcut)