Coupang is under scrutiny following a data breach incident involving a former employee that officially disclosed over 33 million cases of user information leak, including names and emails. The company's own previous announcement claimed only 3,000 instances of leak, leading to significant public confusion. This disparity highlights concerns about Coupang's methodology in categorizing data breaches, as their definitions seem misaligned with standard data protection guidelines.

The investigation carried out by a joint public-private task force confirmed that the figures align with previous government estimates, suggesting that more than 33 million accounts were impacted. However, Coupang has been accused of minimizing the incident's severity, first using the term 'exposure' instead of 'leak' and later downplaying the leak by insisting that only 3,000 instances were tangible. Critics argue this is a blatant misinterpretation of what constitutes a data leak, as it ignores the broader impact of unauthorized access to sensitive personal data.

Further complicating matters, Coupang's communications have led to public outrage, with multiple statements reflecting contradictory information regarding the breach's severity. The company's attempts to communicate reassurances contradicted by SEC filings suggest ongoing attempts to stabilize their public image amidst widespread criticism. This situation raises questions about the accountability and transparency of organizations in handling public data protection issues, which is crucial for maintaining user trust and compliance with regulatory standards.