Back

Coupang Fined Record 624.7 Billion Won for Major Data Breach in South Korea

Severity: High (Score: 72.0)

Sources: Kedglobal, Scmp, Businesstimes.Sg

Published: 2026-06-11 · Updated: 2026-06-11

Keywords: data, south, coupang, record, million, korea, billion

Severity indicators: data leak

Summary

Coupang, South Korea's largest e-commerce platform, has been fined a record 624.7 billion won (approximately US$409 million) by the Personal Information Protection Commission for a significant data breach affecting around 37.5 million users. The breach, which involved inadequate basic safeguards and poor management of authentication keys, exposed personal data and went undetected for months. The fine represents the largest penalty for a data breach in South Korea's history, surpassing a previous fine of 134.8 billion won against SK Telecom. Coupang's rapid growth and reliance on customer data have been cited as factors in the failure of its data protection systems. The company has expressed regret over the fine and plans to challenge the decision in court. The incident has also strained diplomatic relations between South Korea and the US, with allegations of political pressure regarding the treatment of Coupang's executives. Coupang's stock has dropped 35% since the beginning of the year, and the company anticipates slower revenue growth as it issues customer vouchers in response to the breach. Key Points: • Coupang fined 624.7 billion won for a data breach affecting 37.5 million users. • The breach was attributed to inadequate safeguards and poor management practices. • Coupang plans to challenge the fine in court and faces diplomatic tensions with the US.

Detailed Analysis

**Impact** Approximately 34 to 37.5 million South Korean users, representing about two-thirds of the country’s population, had their personal data exposed due to unauthorized access. The breach affected Coupang, South Korea’s largest e-commerce platform, and its logistics subsidiary, Coupang Fulfillment Services. The incident led to a record 624.7 billion won (US$409 million) fine, the largest ever imposed in South Korea for a personal data breach, and caused a 35% decline in Coupang’s stock value since the start of the year. The breach also triggered regulatory scrutiny and diplomatic tensions between South Korea and the United States. **Technical Details** The breach resulted from inadequate basic safeguards, including poor management of authentication signing keys and lax access controls, rather than sophisticated hacking techniques. A former employee improperly accessed personal information undetected for months. There are no details on specific malware, CVEs exploited, or infrastructure used. The incident occurred at the data access and exfiltration stages of the kill chain. **Recommended Response** Organizations should immediately review and strengthen access controls and authentication key management to prevent insider threats. Implement strict monitoring and alerting for unusual access patterns, especially by privileged users. Ensure timely notification procedures are in place to inform affected individuals within regulatory timeframes. No specific malware or IOCs were provided, so defenders should focus on internal access governance and compliance with data protection regulations.

Source articles (3)

  • South Korea hits e-commerce giant Coupang with record US$409 million fine for data breach — Scmp · 2026-06-11
    ‘Inadequate basic safeguards’ resulted in the personal data of around 37.5 million users being exposed, the privacy commission found Allegations of a massive data leak first surfaced in November, beco…
  • South Korea levies record $409 million in fines on Coupang over personal data leak — Kedglobal · 2026-06-11
    Coupang's trademark same-day 'rocket delivery' service A regulatory dispute over whether Bom Kim, founder of Coupang Inc., should be formally designated as the e-commerce group’s controlling individua…
  • South Korea fines Coupang record 624.7 billion won for data leak — Businesstimes.Sg · 2026-06-11
    [SEOUL] A South Korean regulator fined the country’s largest e-commerce platform, owned by US-listed Coupang, a record 624.7 billion won (S$527 million) for a wide-ranging cyber-intrusion that escalat…

Timeline

  • 2025-11-01 — Allegations of data leak surface: Reports emerged regarding a massive data leak at Coupang affecting millions of users, prompting investigations.
  • 2026-06-11 — Coupang fined 624.7 billion won: The Personal Information Protection Commission imposed a record fine on Coupang for violating data protection laws.
  • 2026-06-11 — Coupang responds to fine: Coupang expressed regret over the fine and indicated plans to challenge the decision legally.

Related entities

  • Data Breach (Attack Type)
  • Coupang (Company)
  • Coupang Fulfillment Services (Company)
  • South Korea (Country)
  • CWE-862 - Missing Authorization (Cwe)
  • Retail (Industry)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed