South Korea’s government allegedly forced a US web retailer to carry out a bizarre and risky plot to recover a stolen laptop from the bottom of a river in China – part of a high-level data-privacy clampdown that US officials claim is the latest example of the country’s anti-American tech regulations run amok.
A House Judiciary Committee report released on Wednesday detailed how Seattle-based Coupang – known as the “Amazon of South Korea” where it does 90% of its business – believed it had no choice but to hire scuba divers for the James Bond-style caper as top South Korean regulators pressed for an elaborate probe of a November data breach that affected 33 million customers.
Indeed, while South Korea’s National Intelligence Service denied any involvement, Coupang compiled a host of evidence to the contrary — including messages from a senior government aide affirming that South Korea’s president had been briefed on the operation.
The “highest levels of the South Korean government, including President Lee Jau-myung himself, knew that the NIS had been closely instructing Coupang on the recovery operation and that Coupang acted in response to these directives,” the report said.
Coupang faced 40 investigations from 11 different South Korean agencies, threats of travel bans for its executives and potential fines of up to 10% of its global revenue, the report said. On June 11, South Korea’s Personal Information Protection Commission fined Coupang $410 million — nearly twice its profit last year — after finding that the company had illegally harvested customer data.
The December mission focused on a rogue Coupang employee, a Chinese national who had allegedly extracted the personal data of 3,000 customers — a tiny fraction of the 33 million who were caught in a massive data breach at the company reported on Nov. 27 – and fled to Shanghai, according to the report.
Coupang contacted the rogue employee, who confessed and agreed to turn over several devices linked to the theft – except for a laptop he had tossed into a Shanghai river in a panic, according to the 35-page report, a copy of which was obtained by The Post.
South Korea’s NIS allegedly told Coupang that its agents couldn’t personally retrieve the devices because Chinese law bars foreign intelligence agencies from operating on its soil. Instead, it ordered Coupang to send one of its own employees to collect the devices and the rogue employee’s fingerprints – all under the Chinese government’s nose.
A Coupang rep traveled to Shanghai on Dec. 17 to meet with the suspect and his lawyer, who handed over a desktop PC, four hard drives and copies, a graphics card and a signed confession. But the next day, the NIS told Coupang it was still required to recover the missing laptop.
Coupang complied — hiring a scuba diving team to fish the device out of the grimy water, according to the report.
All of the recovered materials, including the devices, the employee’s confession and fingerprints, were submitted to a waiting NIS official, who brought them to the nearby Korean consulate in Shanghai. The Coupang employee was told to verify there were “no CCTV cameras to capture the handoff,” according to a document cited in the report.
After the “dangerous recovery operation” was deemed a success, South Korea and its National Intelligence Service stunned Coupang officials by denying any participation, according to the report to the House Judiciary Committee, which is chaired by Rep. Jim Jordan (R-Ohio).
Coupang’s interim CEO Harold Rogers told House Judiciary officials that he “never would’ve authorized an employee to go to China” or “authorized hiring a diving crew in broad daylight in China to retrieve a device unless [he] firmly believed that [Coupang] had a legal obligation and a requirement to do so,” the report said.
Other evidence included a signed letter from an NIS dated Dec. 2 confirming that Coupang had a legal obligation to comply with its orders. Between Dec. 1 and Dec. 26, the NIS exchanged more than 230 phone calls with Coupang related to its investigation into the data breach and also held several in-person meetings with the company about the recovery plan, the report added.
The pressure campaign came to a head at the end of December, when Coupang’s Rogers was grilled during two days of hearings by South Korea’s National Assembly.
When Rogers testified that Coupang had followed “this agency’s instructions” about containing the data breach, referring to the NIS, the government responded by threatening criminal perjury charges against him, as well as a potential travel ban. Those charges are still pending.
The NIS explicitly denied Coupang’s claims in a press release on Dec. 26 and again on Dec. 30, declaring they were “completely false.”
“This is directly contradicted by documents and testimony obtained by the Committee,” the House Judiciary report said.
The Coupang operation was part of an effort to hamstring US tech firms that South Korea fears are a threat to homegrown rivals, according to the report. Google’s Maps service is currently banned in the country, while OpenAI, Meta, Apple and Netflix have all faced investigations from South Korean regulators.
“South Korea has weaponized digital laws and regulations to hinder the ability of innovative American companies to effectively compete in its market,” added the report, which compared the country’s regulatory tactics to those employed by Europe against the US tech industry.
Coupang in particular has been a repeated target for top South Korean officials, noted Kate Kalutkiewicz, who served as senior director of trade policy at the National Economic Council during President Trump’s first term in office.
That includes South Korean President Lee Jae Myung, who declared on Dec. 2 that Coupang and other companies that violate data security rules should face penalties so severe that they could go out of business.
“I think it’s a very big deal,”Kalutkiewicz said. “If we’re talking about a partner like South Korea, the fact that it is threatening criminal charges and the type of harassment and accusations being levied at executives of a of a large American company is fairly unusual, to say the least.”
Korea’s SK Telecom was fined just $97 million for a breach that exposed about 27 million customers including sensitive user data, while another firm, Kakao, was fined $11 million for a breach that exposed about 40 million accounts.
Coupang has said cybersecurity experts who reviewed the breach said it was minor in nature and did not result in harm to customers.
“We regret the circumstances that led to the House Judiciary Committee’s investigation and we remain committed to finding a constructive resolution so Coupang can once again serve as a bridge to strengthen the US-Korea alliance, accelerating trade and investment that benefits both countries,” a Coupang Inc. spokesperson said in a statement.
Secretary of State Marco Rubio warned on June 2 that US companies are facing “targeting in South Korea” which had “frankly impacted our ability to conclude a trade agreement with them.” Coupang, which was founded by Harvard-educated Korean American Bom Kim, claims to be the poster child for that mistreatment.
Aside from top Trump administration officials like Vice President JD Vance, lawmakers on both sides of the aisle have rallied to Coupang’s defense, including more than 50 Republicans who ripped South Korea’s regulatory tactics in a fiery April letter.
Demetrios Marantis, a former acting US Trade Representative, described the South Korean government’s treatment of Coupang as “by far the worst that I’ve ever seen in 30-plus years.”
“There is a whole-of-government assault on a US company in a way that is so disproportionate to how the Korean government has treated Korean and Chinese companies who have been in similar situations,” Marantis said.
South Korean government officials did not immediately return requests for comment.












