Leak of Data on Two-Thirds of Population? South Korea's "Amazon" Heavily Fined

Leak of Data on Two-Thirds of Population? South Korea's "Amazon" Heavily Fined

South Korea's largest e-commerce platform, Coupang, has received the country’s highest-ever fine for a data breach from regulators, amounting to 624.6 billion won (approximately $409 million), further worsening the company’s already stressed financial situation.

According to the Financial Times, the South Korean Personal Information Protection Commission announced the penalty on Thursday. This data breach affected nearly two-thirds of the country’s population, exposing serious deficiencies in Coupang’s cybersecurity controls. Commission Chair Song Kyung-hee said the company “failed to take sufficient measures to detect and respond to unauthorized external access.”

This is the largest fine issued in South Korea for a single corporate data breach. Coupang recorded an operating loss of $242 million in the first quarter this year and expects its annual revenue growth to slow. The fine further increases pressure on the performance of this company, known as the “Amazon of Korea.”

Dual Accountability: Breach and Violation

The South Korean Personal Information Protection Commission disclosed that the 624.6 billion won fine consists of two parts: 423.6 billion won for the data breach itself, and the remaining 201 billion won for collecting and using personal information without user consent.

The investigation found the data breach occurred last April via Coupang’s overseas servers, but the company didn’t detect it until November. A former employee accessed customer information using a private encryption key that was still active. After the incident came to light, the CEO of Coupang’s South Korean subsidiary resigned, and President Lee Jae-myung characterized the case as a warning to strengthen cybersecurity.

According to Korean law, companies that fail to implement sufficient data protection measures can be fined up to 3% of previous year’s revenue; if the data breach results from intentional misconduct or gross negligence, authorities can impose punitive damages up to five times the actual harm. Some members of parliament had previously called for Coupang to be fined as much as 1.2 trillion won. The company’s sales in 2025 are projected at 49 trillion won.

Loss of User Trust and Performance Pressure

Coupang expressed “regret” over the verdict, stating that the corrective actions and related explanations it provided after the data breach “were not fully reflected in the commission’s decision,” and said it would seek clarification of the facts through legal procedures.

As the fine is imposed, Coupang is facing a user trust crisis triggered by the security incident. The company posted a $242 million operating loss in the first quarter this year and warned that security concerns have led some consumers to reduce their use of the platform, putting pressure on annual revenue growth.

Coupang was founded in 2010 by Korean-American and Harvard graduate Bom Kim, becoming South Korea’s largest e-commerce platform thanks to its overnight “rocket delivery” service. The company is backed by Japan’s SoftBank, has 25 million active members, and its businesses include food delivery and streaming services. It is South Korea’s second largest private employer after Samsung.

Risk Disclosure and DisclaimerThe market carries risks; investment requires caution. This article does not constitute personal investment advice and does not take into account individual users' special investment goals, financial situations, or needs. Users should consider whether any opinions, views, or conclusions in this article fit their specific circumstances. Investing based on this content is at your own risk.