The House Judiciary Committee released a report alleging that South Korea's National Intelligence Service instructed Coupang, the American e-commerce company dubbed "the Amazon of Korea," to conduct a covert operation in China to retrieve stolen data and a laptop from a riverbed.
According to the committee's investigation, a Chinese national who was a former senior engineer at Coupang began accessing consumer data outside Korea for several months starting last June. Coupang's security team confirmed the breach in November, reporting that roughly 3,000 accounts had been accessed through a stolen authentication key.
The report states that South Korean authorities directed Coupang to recover the stolen data stored on a laptop at the bottom of a murky river in China. Video footage obtained by Fox News Digital shows an individual in scuba gear retrieving a Coupang bag containing the device from muddy waters. The committee documented that South Korea's National Intelligence Service told Coupang officials they were "part of the joint government investigation" and "legally required" to cooperate.
Following the data breach, CEO Park Dae-jun resigned and was replaced by Harold Rogers as interim CEO of Coupang Corp., the South Korean subsidiary. Rogers testified before the South Korean assembly in December that the National Intelligence Service had instructed the company to retrieve the stolen data from Chinese territory.
South Korea has denied directing Coupang to enter China and obtain the laptop. Korean officials subsequently called for Rogers to face perjury charges based on his congressional testimony, and the company was fined $410 million in June—the largest privacy penalty in South Korean history.
What the Left Is Saying
Progressive critics argue that concerns about data privacy justified South Korea's regulatory response. They note that the initial breach involved a former employee accessing consumer information without authorization, raising legitimate national security questions regardless of how the subsequent investigation unfolded.
Democratic lawmakers and analysts have pointed to the severity of the data breach as justification for regulatory action. A breach affecting 3,000 accounts by a former senior engineer with access to authentication keys represents a serious violation that any government would investigate, they argue.
Civil liberties advocates note that South Korea's Personal Information Protection Commission imposed penalties in accordance with Korean law, and that foreign companies operating in the country must comply with its regulations regardless of their origin. They argue that singling out South Korea for enforcing its own privacy statutes sets a problematic precedent.
"Every government has the right to protect its citizens' data," said one Democratic staff member familiar with international tech regulation. "The issue isn't whether South Korea can investigate a breach—it's whether the response was proportionate and applied equally to domestic and foreign companies."
What the Right Is Saying
House Judiciary Committee Republicans contend that South Korea has systematically targeted American companies through aggressive use of competition policy and digital regulations. The committee's report alleges the Korea Fair Trade Commission "has been particularly aggressive in using competition policy to attack American companies."
Conservative lawmakers argue that the timing of regulatory actions against Coupang—including the $410 million fine following the company's cooperation with authorities—suggests targeted enforcement rather than neutral application of Korean law. They note that Rogers' testimony about NIS involvement was corroborated by committee documentation.
Republican members of the committee have emphasized what they describe as South Korea's alignment with China in economic matters, arguing this creates an uneven playing field for American businesses. The report details claims that Seoul coordinated with Beijing regarding data security concerns involving a Chinese national.
"American companies deserve equal treatment under international trade rules," said Committee Chairman Jim Jordan in a statement accompanying the report. "When foreign governments target our firms while protecting their own, we must respond decisively."
What the Numbers Show
$410 million: The fine imposed on Coupang by South Korea's Personal Information Protection Commission in June—the largest privacy penalty in Korean history.
3,000: Number of accounts accessed through stolen authentication credentials, according to Coupang's November breach notification to Korea Internet & Security Agency.
1: Number of formal charges filed against Harold Rogers, who has yet to be formally charged or indicted despite South Korean officials calling for perjury prosecution.
Multiple instances of alleged discriminatory regulatory treatment documented in the committee report targeting American technology companies operating in South Korea over the past five years.
The Bottom Line
The dispute between Coupang and South Korean authorities remains unresolved as both sides maintain conflicting accounts of what occurred. The company stated it "remain[s] committed to finding a constructive resolution so Coupang can once again serve as a bridge to strengthen the U.S.-Korea alliance."
South Korea's embassy rejected the committee's characterization, stating that penalties were imposed "in accordance with their law" and that Seoul is "fully committed to ensuring a fair and non-discriminatory business environment for all companies regardless of their nationality."
The case now moves to continued congressional scrutiny as Republicans seek to determine whether U.S. trade agreements with South Korea require formal review. The committee report may inform future legislative efforts to address perceived inequities in how American companies are treated abroad. Watch for potential State Department involvement and any reciprocal actions regarding Korean companies operating in the United States.