South Korea has handed down a massive fine of 625 billion won (US$409.30 million) to e-commerce behemoth, Coupang. This follows an extensive breach of customer information and illicit collection of personal data, marking the country’s most substantial data violation penalty ever levied on a corporation.
The nation’s Personal Information Protection Commission revealed that the New York-listed company had leaked the personal data of over 33 million customers. Notably, the company failed to identify and address the leak within the legally mandated 72-hour window.
The fine represents approximately 1.4 per cent of Coupang’s revenue of 45 trillion won in 2025. The commission’s chairperson, Song Kyung-hee, pointed out during a Thursday briefing that the data breach happened due to Coupang’s inadequate safety measures and systems – not because of advanced hacking techniques.
In response to the announcement of the fine, Coupang expressed regret and offered an apology for the public distress and concern caused to its customers. Although, the company expressed disappointment that their proactive efforts to mitigate the aftermath of last year’s data leak were not fully recognized by the regulatory body’s decision.
Coupang, headquartered in Seattle, generates the majority of its earnings in South Korea by offering speedy delivery of groceries, food, and other goods. The penalty comes on the heels of a government-led investigation earlier this year, attributing the data breach to a managerial failure.
The science ministry in South Korea reported that a former employee, a Chinese national, had unlawfully procured a security key, allowing unauthorized access to customer accounts. Song noted that Coupang’s flawed security system allowed a hacker to undeterredly access the personal information of all customers, even after the alleged culprit had left the company.
In addition to the breach, the firm did not notice an abnormal increase in traffic to its customer data until alerted by a customer inquiry. Moreover, the regulator discovered that Coupang’s marketing program had illicitly collected information on the online activities of around 11 million customers without obtaining their consent.
Song remarked that Coupang had significantly expanded its e-commerce service based on extensive customer data. However, despite its business scale, the company lacked a system to protect and manage customer information.
Why was Coupang fined 625 billion won by South Korea?
Coupang was fined for a substantial breach of customer data and illegal collection of personal information, marking the largest data violation penalty ever issued by South Korea.
What are the details of the data breach?
The company leaked the personal data of over 33 million customers and failed to identify and address the breach within the legally mandated 72-hour window. A former employee was found to have unlawfully accessed customer accounts.
What was Coupang’s response to the fine?
Coupang apologized for the concern caused to the public and its customers. However, the company expressed disappointment that their proactive efforts to prevent further harm from the data leak were not fully acknowledged by the regulatory authority.
