Updated
Updated · The New York Times · Jun 11
South Korea Fines Coupang $409 Million Over 33 Million-Account Data Breach
Updated
Updated · The New York Times · Jun 11

South Korea Fines Coupang $409 Million Over 33 Million-Account Data Breach

3 articles · Updated · The New York Times · Jun 11

Summary

  • $409 million—624.7 billion won—is the largest privacy fine in South Korean history, with regulators holding Coupang responsible for a breach affecting 33 million customer accounts and 4 million nonmembers.
  • 11 million users were also found to have had online activity across third-party websites and apps unlawfully collected and stored, while regulators said weak safety systems—not sophisticated hacking—caused the leak.
  • Coupang said it will challenge the ruling in court, apologizing again and arguing its preventive steps and existing data-protection efforts were not adequately reflected in the decision.
  • The case has widened into a U.S.-South Korea dispute, with Coupang and some Republican lawmakers alleging unfair targeting of an American company, while Seoul says Washington's pressure is disrupting broader trade and security talks.

Insights

After a $409M fine, is South Korea now the world's riskiest market for global tech?
Will South Korea's record fine on a US firm withstand Washington's diplomatic pressure?

South Korea Hits Coupang with Record $409 Million Fine: Data Breach Fallout, Regulatory Reform, and U.S. Tensions

Overview

Coupang Inc., a major e-commerce company, suffered a significant data breach that exposed sensitive customer information such as names, email addresses, phone numbers, shipping addresses, and order histories. In response, South Korea's Personal Information Protection Commission (PIPC) imposed a record-breaking fine of 624.7 billion won ($409 million), the largest ever for a personal data breach in the country. This penalty was issued under regulations allowing fines up to 3% of a company’s annual sales. The incident highlights the growing regulatory focus on data protection and the serious consequences of cybersecurity failures for large companies.

...