South Korea Fines Coupang US$410 Million Over Massive Data Breach

South Korea's Personal Information Protection Commission fined Coupang Corp a record 624.7 billion won on Thursday for a massive data breach ^[1].

The penalty signals a tightening of privacy enforcement in one of the world's most connected digital economies. By imposing the largest fine of its kind, the regulator is emphasizing that e-commerce giants cannot treat customer data security as a secondary priority.

The fine totals approximately U.S.$410 million ^[1]. According to the commission, the penalty is divided into two primary components: U.S.$270 million for the breach of personal information, and U.S.$130 million for the unauthorized tracking of online user activity ^[3].

Officials announced the decision during a press conference held at the government complex in Seoul ^[2]. The investigation revealed that the breach compromised the personal data of over 37 million customers ^[3].

Beyond the data leak, the regulator found that Coupang engaged in the unauthorized tracking of users. This practice violated national privacy laws by monitoring online activities without proper consent or legal justification ^[1].

The commission's action comes as South Korea continues to update its regulatory framework to combat digital surveillance and data mismanagement. The scale of the breach, affecting tens of millions of citizens, has placed Coupang under intense scrutiny from both the government and the public ^[2].

Coupang has not yet issued a detailed public response to the specific breakdown of the fines, but the commission said the record amount reflects the severity of the negligence and the volume of affected users ^[3].