Advertisement
Business

Coupang hit with record $400m fine over data breach affecting 37.5 million users

South Korea's PIPC fines Coupang a record $400m after breach exposed data of over 37 million users.

Business

Coupang hit with record $400m fine over data breach affecting 37.5 million users

South Korea has imposed a record $400m (£299m) fine on online retail giant Coupang after a massive data breach exposed the personal details of more than 30 million customers last year.

The penalty, issued by Seoul's Personal Information Protection Commission (PIPC), is the largest ever for a data breach in the country. The leak revealed names, contact and delivery details and order histories of some users of Coupang, South Korea's dominant e-commerce platform often described as its equivalent of Amazon.

South Korea's PIPC fines Coupang a record $400m after breach exposed data of over 37 million users.

The number of accounts affected represents more than half of South Korea's population of around 50 million people. The PIPC announced a 423.6bn won fine for the data breach and an additional 201bn won for the non-consensual collection of information. The commission found that a lack of safeguards, including poor management of authentication signing keys and access controls, had resulted in the personal data of around 37.5 million users being exposed.

Advertisement

Coupang said it "deeply regrets the concern caused" and that it will strengthen its security measures, but added that it planned to challenge the PIPC decision. The company insisted that its explanations and measures to prevent further harm "were not sufficiently reflected" in the decision. "Upon receiving the official resolution from the PIPC, we expect that the facts will be clearly established through legal procedures," said Coupang.

The fine follows a months-long probe after allegations of the data leak surfaced in November. Coupang told the BBC at the time that it was alerted to a breach involving 4,500 customer accounts that month and immediately reported it. But later checks found that nearly 34 million customer accounts – all in South Korea – were likely exposed. The breach is believed to have begun as early as June through a server based abroad.

Coupang's boss Park Dae-jun resigned from his role, apologising for the incident. The platform's chief administrative officer Harold Rogers was appointed interim CEO. South Korean firms faced a series of high-profile cyber-security incidents last year despite the country's reputation for tight data privacy standards. Its largest mobile operator SK Telecom was fined nearly $100m over a data breach involving more than 20 million subscribers.

Advertisement

The decision leaves Coupang, which is based in the US but derives most of its revenue from South Korea, facing a legal battle as it contests the record fine.

Advertisement
Advertisement