**South Korea Fines Coupang $408 Million Over Major Data Breach**
South Korea's Personal Information Protection Commission has imposed a record fine of $408 million on the e-commerce giant Coupang following a significant data breach that allegedly compromised the personal data of over 33 million customers. This incident is now regarded as the largest data leak in the country’s history, drawing considerable attention and criticism, particularly from U.S. lawmakers.
The breach, which was reported to have occurred due to inadequate safety measures within Coupang's systems, raised alarms about the company’s data protection protocols. Song Kyung-hee, chairperson of the privacy regulator, stated that the incident was not the result of sophisticated hacking, but rather a failure in management and security practices. “This accident occurred due to Coupang’s lack of safety measures and systems,” she noted during a briefing on Thursday.
In addition to the substantial fine, the commission criticized Coupang for its failure to notify affected individuals within the legally mandated 72-hour timeframe. Song emphasized that the delayed notifications deprived customers of the opportunity to take preventative actions against potential secondary harm resulting from the breach.
In response to the fine, Coupang issued an apology to the public and its customer base, acknowledging the concern caused by the incident. However, the company expressed disappointment that its efforts to mitigate secondary harm and its explanations regarding the breach were not adequately considered in the commission’s ruling. Coupang, which operates primarily in South Korea despite being headquartered in Seattle, indicated plans to contest the fine in court.
This fine surpasses the previous record of $88 million imposed on SK Telecom last year for a similar incident, marking a significant escalation in penalties for data breaches in South Korea. The investigation that led to the fine revealed that a former employee, identified as a Chinese national, had stolen a security key, which allowed unauthorized access to customer accounts.
The ramifications of the breach and the subsequent fine have extended beyond South Korea, straining relations with the United States. In April, nearly 100 South Korean lawmakers sent a letter expressing concerns about what they described as “undue pressure” from U.S. politicians regarding the investigation into Coupang. The letter followed accusations from U.S. Republican lawmakers who claimed that the scrutiny of the U.S.-listed company amounted to discriminatory regulatory actions against American businesses.
Coupang is a significant player in South Korea's logistics and e-commerce market, controlling approximately 40 percent of the logistics services in the country, according to Seoul-based IM Securities. The company has rapidly expanded its e-commerce services, heavily relying on vast customer data for its operations. However, the recent findings have raised serious questions about its ability to protect and manage that data effectively.
As the situation develops, the implications of this record fine and the ongoing scrutiny of Coupang's practices will likely continue to attract attention both domestically and internationally. The outcome of Coupang's planned legal challenge could have lasting effects on data protection regulations and corporate accountability in South Korea and beyond.