On June 11, the Personal Information Protection Commission 개인정보 보호위원회 assessed a fine of KRW 624.6b (USD 412.8m) against Coupang 쿠팡 for the largest data breach in South Korean history, which compromised the personal information of 33.2m individuals, more than 60% of South Korea’s entire population. The fine was the largest since 2025, when SK Telecom SK 텔레콤 was fined KRW 134.8b (USD 89m).
The PIPC determined that weaknesses in Coupang’s security system led to the breach - and also found that the online retailer collected unauthorized personal information for more than 11m of its customers. The data breach has led to a diplomatic crisis between South Korea and the United States, as Coupang, listed on the New York Stock Exchange, decided to apply pressure on the Korean government through its lobbying efforts in Washington. (See previous coverage, “Coupang Wags the Dog.”)