South Korea issues Won624.68bn fine on Coupang over data breach

South Korea's Personal Information Protection Commission (PIPC) has levied a punishment surcharge of Won624.68bn ($411.19m) connected e-commerce institution Coupang, marking the largest punishment ever imposed successful the state for a idiosyncratic information breach.

Of the full amount, Won423.6bn relates straight to the leak of lawsuit information portion a further Won201.1bn has been imposed for the unauthorised oregon non-consensual postulation of idiosyncratic information.

The PIPC besides issued a abstracted administrative good of Won16.8m, alongside corrective orders, a work bid and a directive requiring Coupang to marque the disposition public.

The committee said the breach compromised the idiosyncratic details of astir 37.55 cardinal users, including names, email addresses, telephone numbers and location addresses, with the vulnerability occurring betwixt April and November 2025.

Investigators concluded that the breach stemmed from weaknesses successful the company's information practices, citing mediocre handling of authentication signing keys and insufficient entree controls, alternatively than the effect of a blase cyberattack.

The PIPC besides recovered abstracted privateness breaches by Coupang Fulfillment Services, for which it imposed an further punishment surcharge of Won248m.

The lawsuit stems from a months-long probe that PIPC launched successful November 2025, pursuing reports that surfaced that period alleging the information breach had occurred.

Responding to the ruling, Coupang said it regretted the interest caused, but argued that the steps it had taken to bounds secondary harm and its ain explanations had not been adequately considered successful the commission's findings.

According to respective reports, the institution indicated that it intends to prosecute the substance done ineligible channels, suggesting it whitethorn contention the punishment successful court.

In December, Coupang issued an apology aft disclosing that the idiosyncratic information of millions of lawsuit accounts had been compromised.

That aforesaid month, the company's then-chief executive, Park Dae-joon, stepped down pursuing the fallout from the breach.

Its US-based genitor company, Coupang Inc, subsequently appointed Harold Rogers, who had been serving arsenic main administrative serviceman and wide counsel, arsenic interim main executive.

"South Korea issues Won624.68bn good connected Coupang implicit information breach" was primitively created and published by Retail Insight Network, a GlobalData owned brand.