South Korea Fines Coupang $409 Million for Data Breach

Manaal Khan | 11 June 2026 at 9:42 am | 5 min read

Key Takeaways

Source: Tech-Economic Times
  • Coupang faces a $409 million fine, the largest data protection penalty in South Korean history
  • A former employee stole a security key and accessed 33 million customer accounts after leaving the company
  • The company also illegally collected browsing data from 11 million customers without consent

What Happened

South Korea's Personal Information Protection Commission fined Coupang 625 billion won ($409 million) on Thursday for leaking personal data from more than 33 million customer accounts. The penalty is the largest data breach fine ever imposed in South Korea.

The fine amounts to 1.4% of Coupang's 2025 revenue of 45 trillion won. The New York-listed company generates most of its revenue in South Korea, where it dominates the e-commerce market with fast delivery of groceries, food, and other goods.

33 million: customer accounts exposed in the breach, roughly two-thirds of South Korea's population

A Former Employee, Not a Sophisticated Attack

The breach traced back to a former employee, a Chinese national, who stole a security key and used it to access customer accounts after leaving the company. South Korea's science ministry found the root cause was management failure, not advanced hacking techniques.

"This accident occurred due to Coupang's lack of safety measures and systems, not sophisticated hacking."

— Song Kyung-hee, Chairperson, Personal Information Protection Commission

Song said Coupang's security system allowed the hacker to access personal information for all customers with a single compromised key. The company did not revoke the employee's access credentials after they left. Coupang also failed to notice an unusual spike in traffic to its customer database until a customer reported suspicious activity.

The company missed the 72-hour window required by law to detect and report the breach.

Illegal Data Collection Adds to the Fine

The regulator found a second violation. Coupang's marketing program tracked online activity from around 11 million customers without their consent. This illegal collection was separate from the data leak but contributed to the record penalty.

Coupang's Response

Coupang apologized for causing concern to customers and the public after the fine was announced. But the company pushed back on the regulator's decision.

"We regret that our proactive measures to prevent secondary harm from last year's data leak incident, as well as our explanations based on clear facts, were not sufficiently reflected" in the decision, the company said.

The company's compensation plan has drawn criticism. Reports indicate Coupang offered affected customers shopping vouchers rather than direct financial payments. Online communities described this as a marketing tactic that forces victims to spend more money with the company that failed to protect them.

Trade Tensions in the Background

The investigation added friction to U.S.-South Korea trade relations. Some in Washington raised concerns that Korean authorities had gone too far in their treatment of the U.S.-listed company while the two countries negotiated trade deal details.

South Korea rejected the framing. Officials said the Coupang probe was neither a trade nor security issue and should be handled separately from ongoing talks with Washington.

Market Position at Stake

Coupang controls about 40% of South Korea's logistics services, the largest market share among competitors, according to Seoul-based IM Securities. The fine represents a significant cost but not an existential threat given the company's scale.

The penalty signals that South Korean regulators will impose serious consequences for data protection failures. Companies operating in the market should expect enforcement to match the severity of the breach.

Frequently Asked Questions

Why was Coupang fined $409 million?

South Korea's privacy regulator found Coupang leaked personal data from 33 million customers after a former employee stole a security key. The company also illegally collected browsing data from 11 million users without consent.

How did the Coupang data breach happen?

A former employee, a Chinese national, stole a cryptographic security key before leaving the company. Coupang never revoked the key, allowing the ex-employee to access all customer accounts remotely.

Is this the largest data breach fine in South Korea?

Yes. The 625 billion won ($409 million) penalty is the largest data protection fine ever imposed on a company in South Korea.

What customer data was leaked in the Coupang breach?

The breach exposed personal information from more than 33 million customer accounts. The exact types of data exposed have not been fully disclosed, but the breach affected roughly two-thirds of South Korea's population.

How did Coupang respond to the fine?

Coupang apologized but said its explanations and preventive measures were not adequately considered by the regulator. The company offered shopping vouchers as compensation, which drew criticism from affected customers.

Source: Tech-Economic Times / ET

Manaal Khan

Tech & Innovation Writer
