South Korean regulators have imposed a record 625 billion won ($409 million) fine on e-commerce giant Coupang after concluding that the company failed to adequately protect customer information in a breach affecting more than 33 million users.
The penalty, announced by the Personal Information Protection Commission (PIPC), is the largest data breach fine ever issued against a company in South Korea. Regulators said the incident stemmed from weak internal security controls rather than sophisticated external hacking, raising fresh concerns about data governance at one of the country’s most influential technology companies.
Coupang, which is listed on the New York Stock Exchange under the ticker CPNG, generates most of its revenue in South Korea and is estimated to control about 40% of the country’s logistics market, according to IM Securities.
What Regulators Found
The fine follows a government-led investigation that earlier this year blamed the incident on management failures. South Korea’s science ministry said a former employee, identified as a Chinese national, allegedly stole a security key that allowed unauthorized access to customer accounts.
According to regulators, Coupang’s systems continued to allow access to sensitive customer information even after the employee had left the company. Officials said the company also failed to detect unusual traffic involving customer data and only became aware of the issue after receiving an inquiry from a customer.
In addition to the breach itself, the PIPC found that Coupang’s marketing program collected information on the online activities of around 11 million customers without obtaining proper consent.
According to Yonhap News Agency, South Korean authorities had been investigating the incident for months before announcing the record penalty and related findings.
Read More
What the Fine Means for Coupang
Coupang apologised after the decision was announced but said it was disappointed that regulators did not fully take into account the measures it implemented to prevent further harm following the breach.
The size of the fine is significant. Based on Reuters calculations, it represents approximately 1.4% of Coupang’s 2025 revenue of 45 trillion won. Investors are now assessing whether the company could face additional compliance costs, legal risks or operational changes as a result of the findings.
The case has also drawn attention beyond privacy concerns. Investigations into the breach became part of broader discussions between Seoul and Washington, with some concerns raised about the treatment of a U.S.-listed company during ongoing trade negotiations. South Korean officials have maintained that the matter is strictly a privacy enforcement issue and should be handled separately from trade talks.
The regulatory action highlights increasing pressure on major digital platforms worldwide to strengthen cybersecurity controls and safeguard customer information. Investors have also been monitoring competitive developments across online retail, including Amazon’s expanding dominance in global e-commerce.
While Coupang remains one of South Korea’s dominant online shopping and delivery platforms, the record penalty represents one of the most serious regulatory challenges the company has faced since becoming a publicly traded business. The case is expected to remain closely watched by investors, regulators and privacy advocates as the company works to rebuild trust and strengthen its security systems.
Make Swikblog your go-to source on Google for reliable updates, smart insights, and daily trends.
