Industry - Enforcement
Executive Summary
South Korea's data protection regulator fined e-commerce company Coupang a record $410 million for a data breach affecting approximately 37.5 million users, whose names, phone numbers, and delivery details were exposed. The regulator also penalized Coupang for collecting online activity records of 11.17 million users without permission, including tracking which websites and apps they visited. The fine represents the largest penalty ever imposed by South Korea's Personal Information Protection...
What Happened
South Korea's Personal Information Protection Commission fined e-commerce company Coupang a record 624.7 billion won ($410 million) in June 2026 for multiple privacy violations. The largest portion of the penalty, 423.6 billion won, stemmed from a data breach that exposed personal information of approximately 37.5 million users, including names, phone numbers, and delivery details. An additional 201.1 billion won was levied for unauthorized collection of online activity records from 11.17 million users, tracking which websites and applications they visited without permission, and for failing to properly manage advertisement partners.
Who Is Affected
Approximately 37.5 million Coupang users in South Korea were affected by the data breach, including 33.2 million registered members and 4.3 million non-members. An additional 11.17 million users had their browsing activity tracked without consent, including records of websites and applications they visited. The breach went undetected for five months before being reported in November 2025.
Why It Matters
This represents the largest penalty ever imposed by South Korea's data protection regulator for a single data breach, exceeding the previous record fine by more than three times. The case demonstrates that regulators are willing to use their full authority to impose fines up to 3% of annual sales against major technology companies that fail to implement adequate security measures commensurate with the scale of personal data they handle. The severity of the penalty reflects growing enforcement of privacy protections in South Korea and sets a precedent for corporate accountability in data protection.
What You Should Do
If you are a Coupang user in South Korea, monitor your accounts for unauthorized activity and consider changing passwords on your Coupang account and any other services where you used similar credentials. Be vigilant for phishing attempts or scam messages that may use your exposed phone number and delivery information. Check your credit reports and consider placing fraud alerts if you notice suspicious activity. Review privacy settings on e-commerce platforms you use to understand what data is being collected and limit unnecessary data sharing where possible.
Summary generated from verified sources and reviewed before publication. How we summarize.
Sources
- Coupang fined record 624.7 billion won over massive data breach, unauthorized data collection - Yonhap News Agency
- Coupang expresses regret over record fine for data breach, unauthorized data collection - Yonhap News Agency
- (LEAD) Coupang fined record 624.7 billion won over massive data breach, unauthorized data collection - Yonhap News Agency