Amazon - Enforcement
Executive Summary
South Korea's Personal Information Protection Commission imposed a record $400 million fine on e-commerce giant Coupang after a data breach exposed personal information of approximately 37.5 million customer accounts, including names, contact details, delivery addresses, and order histories. The commission found that poor security practices, such as inadequate management of authentication keys and access controls, led to the breach, which affected more than half of South Korea's population. C...
What Happened
In November 2024, South Korea's largest e-commerce platform Coupang discovered a data breach that had been ongoing since at least June 2024, exposing personal information from approximately 37.5 million customer accounts. The compromised data included names, email addresses, phone numbers, delivery addresses, and order histories, though payment information and login credentials were not affected. Following a months-long investigation, South Korea's Personal Information Protection Commission imposed a record fine of 624.68 billion won (approximately $400 million USD) on Coupang in June 2026, citing inadequate security practices including poor management of authentication keys and access controls.
Who Is Affected
More than 37.5 million Coupang customer accounts in South Korea were affected, representing over half of the country's population of approximately 50 million people. All impacted users had their contact information, delivery addresses, and purchase histories exposed during the five-month breach period. The breach was limited to Coupang's South Korean operations and did not affect the company's Taiwan or other international platforms.
Why It Matters
This breach represents one of the largest cybersecurity incidents in South Korean corporate history, affecting a substantial portion of the nation's population through a single platform. The record-breaking $400 million fine demonstrates South Korea's commitment to enforcing data protection standards and holding companies accountable for security failures, setting a significant precedent for future enforcement actions. The incident also highlights the systemic privacy risks created when a dominant platform serves more than half a country's population, as a single security failure can expose an unprecedented scale of personal information.
What You Should Do
If you are a Coupang customer in South Korea, monitor your accounts for unusual activity or unsolicited communications, as your contact information and purchase history may be in the hands of unauthorized parties. Be cautious of phishing attempts that reference your order history or delivery addresses, which criminals could use to appear legitimate. Change passwords on any other accounts where you used the same email address and phone number combination. Consider placing fraud alerts with your bank if you notice suspicious activity, even though payment information was reportedly not compromised in this specific breach.
Summary generated from verified sources and reviewed before publication. How we summarize.