Coupang fined record $409M for South Korea data breach

TL;DRSouth Korea’s Personal Information Protection Commission fined Coupang a record 624.7 billion won ($409 million) over a data breach that exposed roughly 33.7 million customer accounts. The penalty, the largest in South Korean history, has deepened a diplomatic rift between Seoul and Washington.

South Korea’s privacy watchdog has slapped e-commerce giant Coupang with a record-breaking 624.7 billion won ($409 million) fine, the largest data breach penalty in the country’s history. The ruling, handed down today by the Personal Information Protection Commission (PIPC), dwarfs the previous record of 134.8 billion won imposed on telecoms firm SK Telecom last year.

The penalty stems from a breach that reportedly exposed the personal data of more than 33.7 million customer accounts, roughly two-thirds of South Korea’s entire population. Names, email addresses, phone numbers, shipping addresses, and order histories were all compromised, though payment credentials were reportedly unaffected.

How the breach unfolded

According to Al Jazeera, a former Coupang employee who was a Chinese national stole a cryptographic signing key and used it to gain unauthorised access to customer data from overseas servers. The intrusion reportedly ran undetected for nearly five months, from June to November 2025.