Coupang fined a record $409 million over massive data breach affecting 33 million users

South Korea just handed down the largest data protection fine in its history, and the recipient is the country’s most dominant e-commerce company. Coupang, often called “South Korea’s Amazon,” was slapped with a 624.7 billion won penalty, roughly $409 million, for a breach that exposed the personal information of over 33.67 million users.

To put that number in perspective, South Korea’s total population is around 51 million. That means roughly two-thirds of every person in the country had their data compromised.

What happened, and how did it get this bad

The breach traces back to a former Coupang engineer who exploited a cryptographic signing key, gaining unauthorized access to user data over a period of several months, starting around April to June 2025.

The exposed data included names, email addresses, phone numbers, physical addresses, and order histories. Payment data and passwords were reportedly not compromised.