South Korean authorities have imposed a record fine of over $400 million on Coupang for a data breach that compromised the personal data of more than 34 million customers. The retail giant plans to challenge the decision.
South Korean authorities have imposed a record-breaking fine of over $400 million on retail giant Coupang after a data breach last year compromised the personal data of more than 34 million customers. Seoul's Personal Information Protection Commission issued the maximum penalty on Thursday following the discovery of the breach in December 2025.
The breach, which lasted several months, allowed a former employee to obtain names, email and shipping addresses, phone numbers, and order histories of about two-thirds of South Korea's population. Coupang, often called the 'Amazon of Asia,' is headquartered in the U.S. but is hugely popular in South Korea.
Key Points
- Fine: $624 billion won (over $400 million) – a record for a data breach in South Korea
- Affected: Over 34 million customers – about two-thirds of South Korea's population
- Data exposed: Names, email and shipping addresses, phone numbers, order histories
- Coupang plans to challenge the regulator's decision
Coupang told BBC News that it plans to challenge the regulator's decision. The fine represents a rare case of a financial penalty issued against a U.S.-based firm. Korean lawmakers have accused some of their American counterparts of imposing political pressure after reports that U.S. representatives were linking the data breach with U.S.-South Korean bilateral ties in response to the case against Coupang's executives.
U.S. companies rarely face financial sanctions or criminal prosecution for data breaches due to lacking laws and enforcement powers. This case highlights the growing global scrutiny on data protection and the potential consequences for companies that fail to safeguard customer information.