South Korea Fines Coupang $400M Following Major Data Breach/Image@ BBC
South Korea’s Personal Information Protection Commission (PIPC) has levied a historic fine of over $400 million (£299 million) against online retail giant Coupang due to a significant data breach that compromised the information of more than 30 million customers last year.
This penalty marks the largest ever imposed by the PIPC for a data security incident.
The breach resulted in the exposure of sensitive information, including names, contact details, delivery addresses, and order histories of Coupang users.
Often likened to Amazon, Coupang is the largest e-commerce platform in South Korea.
In a statement to the BBC, Coupang expressed its “deep regret” over the incident and pledged to enhance its security protocols.
However, the company indicated its intention to contest the PIPC’s ruling.
The number of compromised accounts represents over half of South Korea’s total population of approximately 50 million.
The PIPC’s announcement included a fine of 423.6 billion won related to the data breach, along with an additional 201 billion won for the unauthorized collection of user information.
An investigation revealed that inadequate safeguards, such as poor management of authentication keys and access controls, led to the exposure of personal data belonging to around 37.5 million users.
Coupang asserted that its explanations and measures aimed at preventing future incidents were not adequately considered in the commission’s decision.
”We anticipate that the facts will be clarified through legal proceedings following receipt of the official resolution from the PIPC,” the company stated.
The ruling comes after a lengthy investigation into Coupang that began when allegations of the data leak emerged in November.
Although the company is headquartered in the United States, a significant portion of its revenue is generated in South Korea.
At the time of the breach, Coupang reported being alerted to an incident involving 4,500 customer accounts in November and promptly notified authorities.
However, subsequent investigations revealed that nearly 34 million accounts, entirely based in South Korea, were likely affected.
The breach is believed to have started as early as June via a server located abroad.
In the wake of the incident, Coupang’s CEO Park Dae-jun resigned, issuing an apology for the breach. Harold Rogers, the platform’s chief administrative officer, has been appointed as interim CEO.
Despite South Korea’s reputation for stringent data privacy standards, several high-profile cybersecurity incidents plagued local companies last year.
Notably, SK Telecom, the country’s largest mobile operator, faced a fine of nearly $100 million due to a data breach affecting over 20 million subscribers.
By: Magdalene Agyeiwaa Sarpong