**Korea Fines E-Commerce Giant Coupang $400 Million Over Data Breach Affecting Millions**
In a landmark decision, South Korea's Personal Information Protection Commission (PIPC) has imposed a record fine of 624.68 billion won (approximately $400 million) on Coupang, the country's largest e-commerce platform, following a significant data breach that compromised the personal information of over 30 million customers. This fine marks the largest ever levied by the PIPC for a data breach incident.
The breach, which came to light in November 2022, exposed sensitive data including names, contact details, delivery information, and order histories of approximately 37.5 million users. This figure represents more than half of South Korea's total population of around 50 million, raising serious concerns about data security and privacy in the nation.
The PIPC's investigation revealed that Coupang had violated safety obligations and collected personal data without legal grounds. Key factors contributing to the breach included inadequate management of authentication signing keys and insufficient access controls, which ultimately led to the extensive exposure of customer data.
Coupang, often compared to Amazon for its dominance in the South Korean e-commerce market, expressed regret over the incident and the distress it caused to customers. The company stated that it plans to strengthen its security measures in response to the breach. However, Coupang also indicated its intention to contest the PIPC's decision, arguing that their explanations and preventive measures were not adequately considered during the commission's review.
In a statement, Coupang said, "Upon receiving the official resolution from the PIPC, we expect that the facts will be clearly established through legal procedures." The company had initially reported the breach to authorities after discovering unauthorized access involving 4,500 customer accounts. Subsequent investigations revealed that nearly 34 million accounts were likely affected, with the breach believed to have originated as far back as June 2022 through a server located abroad.
The fallout from the breach has also led to significant leadership changes within Coupang. Following the incident, CEO Park Dae-jun resigned, offering apologies for the breach, while Chief Administrative Officer Harold Rogers has stepped in as the interim CEO.
This incident is part of a troubling trend in South Korea, where several high-profile cyber-security breaches have occurred despite the country's strong reputation for data privacy standards. Notably, SK Telecom, South Korea's largest mobile operator, was fined nearly $100 million last year due to a data breach that affected over 20 million subscribers.
As the digital landscape continues to evolve, the need for robust data protection measures has become increasingly critical. The record fine imposed on Coupang serves as a stark reminder of the potential consequences of data breaches and the importance of safeguarding personal information in the e-commerce sector.
The PIPC's ruling is expected to have far-reaching implications for the industry, as companies may need to reassess their data security protocols to avoid similar penalties in the future. As the legal proceedings unfold, the case will likely be closely monitored by both consumers and industry stakeholders alike.