South Korea fined Coupang more than $400 million after a major data breach exposed personal details tied to about 37.5 million users.
South Korea’s privacy regulator has hit e-commerce giant Coupang with a record data-breach fine as part of penalties totaling more than $400 million (£299 million), after investigators found that personal information tied to about 37.5 million users was exposed.
The action by the Personal Information Protection Commission marks the largest data-breach fine the Seoul regulator has issued. The number of affected accounts is equivalent to more than half of South Korea’s population of roughly 50 million people, underscoring the scale of the incident at the country’s largest online retail platform.
The commission announced Wednesday that it had imposed a 423.6 billion won fine over the personal data breach, along with an additional 201 billion won penalty for the non-consensual collection of information.
Regulators found that insufficient safeguards, including weak management of authentication signing keys and access controls, led to the exposure of customer data. The leaked information included names, contact and delivery details, and order histories for some Coupang customers.
Coupang told the BBC it “deeply regrets the concern caused” and said it would strengthen security measures, but the company also said it intends to challenge the regulator’s decision. Coupang said its explanations and steps to prevent further harm “were not sufficiently reflected” in the commission’s findings.
“Upon receiving the official resolution from the PIPC, we expect that the facts will be clearly established through legal procedures,” the company said.
The decision follows a months-long investigation that began after allegations of a data leak surfaced in November. Coupang said at the time that it had been alerted to a breach involving 4,500 customer accounts and had immediately reported it to authorities. Later checks found that nearly 34 million customer accounts, all in South Korea, were likely exposed, and the company said the breach may have begun as early as June through a server based overseas.
Coupang is based in the United States, but most of its revenue comes from South Korea. After the breach, Park Dae-jun resigned as the company’s boss and apologized for the incident; chief administrative officer Harold Rogers was appointed interim CEO.
The case adds to a series of major cybersecurity incidents involving South Korean companies. SK Telecom, the country’s largest mobile operator, was fined nearly $100 million over a breach affecting more than 20 million subscribers.
Comments (0)