South Korea Hits Coupang With Record Data Breach Fine of More Than $400 Million

Seoul’s data protection authority has imposed an unprecedented fine of more than $400 million on online retail giant Coupang following a massive data breach that exposed the details of about 37.5 million customers, more than half of the country’s population.

South Korea’s Personal Information Protection Commission (PIPC) said on Wednesday that the breach exposed the names, contact and delivery details, and order histories of users on the platform. The commission determined that insufficient safeguards, including poor management of authentication keys and access controls, led to the exposure of personal data. The leak is believed to have begun as early as June through a server located overseas.

The fine is the largest ever imposed by the authority for a data breach. Coupang expressed deep regret over the concern caused and said it would strengthen its security measures, while also announcing that it intends to appeal the PIPC’s decision. Following the incident, the company’s CEO, Park Dae-joon, resigned and apologized for the episode.

South Korea faced several major cyber incidents last year despite its reputation for strict data privacy standards.