Industry - Data Breach
Executive Summary
South Korea fined e-commerce giant Coupang a record $409 million after a former employee improperly accessed personal information from nearly 34 million customer accounts - roughly two-thirds of the country's population - for months without detection. Regulators found the breach resulted from inadequate security management rather than sophisticated hacking, exposing names, contact details, delivery addresses, and order histories. The fine is South Korea's largest ever for a data breach, with ...
What Happened
In November 2024, South Korean regulators discovered that a former Coupang employee had improperly accessed personal information from nearly 34 million customer accounts - approximately two-thirds of South Korea's population - for months without detection. The breach exposed names, contact details, delivery addresses, and order histories. In June 2025, South Korea's Personal Information Protection Commission fined Coupang a record $409 million, finding the breach resulted from inadequate security management, poor access controls, and negligent handling of authentication keys rather than sophisticated hacking.
Who Is Affected
Approximately 34 million Coupang customers in South Korea had their personal data exposed, representing roughly two-thirds of the country's 50 million population. The leaked information included identifying details such as names, contact information, delivery addresses, and purchase histories. Coupang issued vouchers to affected customers following the breach and warned that revenue growth would slow as a result of the incident.
Why It Matters
This represents South Korea's largest-ever fine for a data breach, surpassing a previous $100 million penalty against SK Telecom, and demonstrates regulators' willingness to impose maximum penalties under laws allowing fines up to 3% of annual sales. The case highlights systemic failures when a company's data protection measures fail to scale alongside rapid business growth. The breach also triggered diplomatic tensions between South Korea and the United States after a major U.S. investor alleged discriminatory treatment of the American-listed company, illustrating how cross-border data incidents can escalate into international political disputes.
What You Should Do
If you are a Coupang customer in South Korea, monitor your accounts for suspicious activity and consider changing passwords for Coupang and any other services where you used the same credentials. Review your delivery addresses and contact information on file to ensure no unauthorized changes have been made. Be alert for phishing attempts or scams that may reference your exposed purchase history or personal details, as this information could be used to impersonate legitimate communications from the company.
Summary generated from verified sources and reviewed before publication. How we summarize.
Sources