South Korean Data Watchdog Nears Final Ruling on Coupang's Massive Data Breach, Potential Fines Up to 1.5 Trillion Won

Deep News05-12 08:15

Sources disclosed on Tuesday that South Korea's data protection regulator has concluded its investigation into a major data breach at e-commerce giant Coupang, Inc., with a final penalty decision expected as early as next month.

Industry insiders familiar with security matters stated that the Personal Information Protection Commission (PIPC) recently finalized its probe into the leak affecting over 33 million Coupang user accounts and informed the company of its findings early last month.

The sources indicated that the notification outlined the alleged violations of personal information protection laws by Coupang, Inc. and the corrective measures the regulator might impose. However, the notice did not specify a proposed fine amount.

Under its regulations, the PIPC is required to notify parties suspected of violating data protection laws of the intended sanctions and grant them at least 14 days to respond.

The sources believe Coupang, Inc. has opposed the overall measures contemplated by the regulator in its response.

Industry observers suggest the final penalty decision could be issued as soon as next month, with the PIPC aiming to close the case within the first half of this year.

According to South Korean data protection law, companies involved in personal information leaks can face fines of up to 3% of their average annual revenue over the past three years, though revenue from business unrelated to the violation may be excluded.

Based on the 2025 sales (approximately 49 trillion won, or about $32.2 billion) of Coupang, Inc., its U.S.-listed parent company, the regulator could theoretically impose a maximum fine of around 1.5 trillion won.

Last year, the PIPC fined SK Telecom 134.8 billion won for a data breach, the highest penalty the regulator has issued to date.

Coupang, Inc. reported the data breach in November of last year, which led to the exposure of customer personal information, including names, phone numbers, and delivery details.

A joint public-private investigation in February confirmed that information from more than 33.6 million accounts was compromised.

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Comments

We need your insight to fill this gap
Leave a comment