DistantNews

South Korea Fines Coupang Record $450 Million for Data Breach, Privacy Violations

From Hankyoreh · Korean

Translated from Korean, summarized and contextualized by DistantNews.

At a glance

  • South Korea's Personal Information Protection Commission fined Coupang and its affiliates a record 624.6 billion won for a massive data breach and privacy violations.
  • The investigation revealed Coupang illegally collected and stored online activity records of 11.17 million members without proper legal grounds.
  • Coupang plans to take legal action against the fine, expressing regret that its efforts to prevent further damage were not fully reflected in the commission's decision.

South Korea's Personal Information Protection Commission (PIPC) has imposed a record fine of 624.6 billion won (approximately $450 million) on e-commerce giant Coupang and its affiliates for a significant personal data breach and privacy violations. This marks the largest penalty ever issued by the commission to a domestic or international company.

The investigation found that Coupang failed to properly manage internal system authentication keys, leading to a data breach caused by a former employee. This incident exposed the personal information of 33.22 million members and 4.33 million non-members, totaling 37.55 million individuals. The breach also included sensitive delivery information for family and friends of members, such as names, phone numbers, and addresses, with some un-anonymized 공동현관 (communal entrance) passwords also compromised.

Furthermore, Coupang was found to have illegally collected and stored the online activity records of 11.17 million members who visited external websites and apps featuring Coupang advertisements, without a valid legal basis. This collection, which occurred between December 23, 2023, and February 4, 2024, was used for targeted advertising. The PIPC determined that this practice posed a significant risk of infringing upon individuals' rights, potentially leading to inferences about sensitive information like beliefs and health.

Coupang has expressed regret over the commission's decision, stating that its proactive measures and explanations based on clear facts were not sufficiently considered. The company indicated its intention to pursue legal action, including administrative lawsuits, to contest the fine. The e-commerce company also faced separate fines for its subsidiary, Coupang Fulfillment Services, for improperly managing employee data and using sensitive health information in legal proceedings.

We regret that our proactive measures to prevent secondary damage and explanations based on clear facts were not sufficiently reflected in the Personal Information Protection Commission's decision.

— Coupang, official statement regarding the fine.
DistantNews Editorial

Originally published by Hankyoreh in Korean. Translated, summarized, and contextualized by our editorial team with added local perspective.