South Korea’s Coupang facing up to $770mn fine after data breach

Coupang (CPNG), South Korea’s foremost digital shopping platform, is confronting the prospect of a potentially record-breaking penalty, possibly reaching up to KRW1 trillion ($770mn), following the nation’s most extensive personal data compromise, Chosun Daily reports. The breach affected 33.7mn users, with confirmed exposed details including customer names, email addresses, physical addresses alongside phone numbers from delivery address books, and certain order information. Coupang confirmed the account breach on November 30.

This event is hugely significant as it threatens the financial health and consumer trust of the country's leading e-commerce firm, an important barometer for South Korea’s digital economy and commitment to data protection standards. The South Korean government underscored the gravity of the matter by convening an extraordinary ministerial summit on November 30, a public holiday, to address the extensive security failure.

The Personal Information Protection Commission (PIPC) commenced an inquiry on the following day to ascertain if Coupang neglected obligatory security measures like access control and data encryption. Under current legislation, penalties can reach 3% of the relevant turnover. Given Coupang’s estimated domestic revenue of KRW31.226 trillion for the first three quarters, the maximum fine could indeed approach the KRW1 trillion mark. This calculation may increase if integrated services revenue, such as Coupang Play and Coupang Eats (accessible via the ‘Wow’ membership), is included.

This anticipated fine is substantially steeper than the previous record, a KRW134.8bn fine against SK Telecom for a smaller breach involving 23.24mn customers. Coupang has a history of smaller internal data leaks, yet the combined administrative sanctions for three past incidents between August 2020 and December 2023 totalled only KRW1.6bn. Regulators may lower the final sum if the company implements swift remedial actions, as seen when SK Telecom’s initial fine was reduced.

Civic organisations are demanding strengthened consumer protection laws, including class action mechanisms, to ensure companies face a real risk of financial failure, thereby incentivising better security practices. Responding to the public concern, Presidential chief of staff Kang Hoon-sik on December 1, instructed officials to develop measures to guarantee the punitive damages system is fully effective when corporate fault is established.

© 2025 bne IntelliNews, source Magazine