South Korean regulators have imposed a record 625 billion won, or approximately $409 million, fine on e-commerce giant Coupang. The Personal Information Protection Commission cited a massive leak of personal data belonging to more than 33 million customers and the illegal collection of user information as grounds for the penalty.
Regulators determined the breach resulted from systemic safety failures rather than sophisticated external hacking. A government investigation revealed that a former employee stole a security key to access customer accounts unauthorized. Despite the suspect leaving the company, security flaws allowed continued access to the entire customer database. Furthermore, Coupang failed to detect the breach within the legally mandated 72-hour window, only discovering it after a customer inquiry.
In addition to the data leak, authorities found Coupang’s marketing program illegally collected online activity data from approximately 11 million customers without consent. The fine represents roughly 1.4 percent of the company's projected 2025 revenue.
Coupang issued a public apology but expressed regret that its proactive prevention measures were not sufficiently considered in the ruling. The penalty arrives amid trade discussions between Seoul and Washington, though South Korean officials maintain this enforcement action is strictly a regulatory matter separate from broader trade negotiations. Coupang currently controls an estimated 40 percent of South Korea's logistics services market.