South Korea Fines Coupang Over $400 Million for Massive Data Breach
South Korean regulators have fined e-commerce giant Coupang over $400 million for a data breach exposing over 34 million customers' personal information. The breach, involving a former employee, compromised sensitive data for roughly two-thirds of the country's population. Coupang, a U.S.-headquartered company popular in South Korea, intends to contest the penalty.
Key points
- South Korea's Personal Information Protection Commission fined Coupang 624 billion won (over $400 million) for a data breach.
- The breach, discovered in December 2025, affected over 34 million customers, compromising names, addresses, phone numbers, and order histories.
- Coupang, a U.S.-headquartered retail giant popular in South Korea, acknowledged the breach was caused by a former employee.
- Coupang plans to challenge the regulator's decision, calling it a maximum penalty.
- The fine is notable as U.S. firms rarely face significant sanctions for data breaches domestically.
South Korea has levied a record fine of over $400 million on e-commerce firm Coupang following a significant data breach. The country's Personal Information Protection Commission announced the penalty, totaling 624 billion won, after a breach discovered in December 2025 compromised the personal data of more than 34 million customers.
The breach is reported to have exposed sensitive customer information, including names, email and shipping addresses, phone numbers, and past order details, affecting approximately two-thirds of South Korea's population. Authorities identified a former employee as responsible for obtaining this data. Coupang, a prominent retail company headquartered in the United States but widely used in South Korea, has stated its intention to dispute the regulator's ruling.
This substantial fine marks a significant action against a U.S.-based company for data protection violations. Reports have surfaced suggesting potential political pressure from U.S. representatives regarding the case, linking it to bilateral ties. Experts note that U.S. companies typically face fewer stringent penalties for similar data breaches due to differences in domestic legislation and enforcement.
Sources
The WireByte editorial team synthesises technology news from multiple primary sources, verifies the facts, and links every source. Articles are produced with AI assistance and reviewed under our editorial policy.