South Korea Hits Coupang With Record $400m Fine After Data Breach Exposes 30 Million Customers

South Korea has imposed its largest-ever data protection penalty on Coupang, the country’s dominant e-commerce platform, levying a combined fine exceeding $400 million for a massive breach that exposed the personal information of more than 30 million customers and for the non-consensual harvesting of user data.

The Personal Information Protection Commission (PIPC), South Korea’s data privacy regulator, announced on Wednesday a fine of 423.6 billion won (approximately $310 million) over the breach itself, along with an additional 201 billion won for the unauthorized collection of personal information. Together, the penalties represent the most significant enforcement action the commission has ever taken against a single company.

The scale of the breach is staggering. The compromised data, including names, contact details, delivery addresses, and order histories, belonged to roughly 37.5 million users, a figure that exceeds half of South Korea’s total population of approximately 50 million. Coupang, often described as South Korea’s answer to Amazon, is the country’s largest online retail platform and a fixture of daily life for millions of consumers.

A Breach Months in the Making

The investigation began after allegations of the data leak surfaced in November last year. Coupang initially reported a breach involving approximately 4,500 customer accounts, but subsequent checks revealed the true scope was dramatically larger. Nearly 34 million accounts, all based in South Korea, were likely exposed. The company said the breach is believed to have originated as early as June through a server located abroad.

The PIPC determined that insufficient security safeguards, including poor management of authentication signing keys and inadequate access controls, were responsible for the exposure. The findings paint a picture of systemic security failures at one of Asia’s most valuable technology companies.

Coupang Plans Legal Challenge

Coupang, which is headquartered in the United States but derives the vast majority of its revenue from South Korea, said it “deeply regrets the concern caused” and intends to strengthen its security infrastructure. However, the company made clear it would contest the regulator’s decision.

“Upon receiving the official resolution from the PIPC, we expect that the facts will be clearly established through legal procedures,” the company said in a statement, adding that its own explanations and remedial measures “were not sufficiently reflected” in the commission’s ruling.

Leadership Fallout

The breach has already claimed a significant casualty at the top of the company. Park Dae-jun, Coupang’s chief executive, resigned following the disclosure, publicly apologising for the incident. Harold Rogers, the company’s chief administrative officer, was appointed as interim CEO to steady the ship during what has become one of the most damaging data protection episodes in South Korean corporate history.

A Growing Global Reckoning

The fine arrives amid an intensifying global crackdown on corporate data negligence. Regulators across Europe, Asia, and North America have grown increasingly willing to impose substantial penalties on companies that fail to protect consumer data, signalling that the era of light-touch enforcement is over.

For Coupang, which has expanded aggressively and invested heavily in logistics and technology, the reputational damage may prove as costly as the financial penalty itself. Consumer trust, once broken, is difficult to rebuild, particularly when more than half the nation’s population has been directly affected.

The case also raises uncomfortable questions about the security practices of major e-commerce platforms worldwide, many of which hold similarly vast troves of personal data. As regulators sharpen their tools and consumers grow more aware of digital privacy risks, companies that treat data protection as an afterthought may find themselves facing consequences that extend far beyond the courtroom.

Image Source: MYJOYONLINE