Coupang Hit With Record $409 Million Fine Over Massive Data Breach

South Korean regulators have imposed a record-breaking 624.7 billion won ($409 million) fine on Coupang, the nation’s largest e-commerce platform, following a catastrophic data breach. The penalty, the largest of its kind in South Korean history, stems from an internal security failure that allowed a former employee to access the personal information of nearly 34 million users—roughly two-thirds of the country’s population—over several months. Regulators cited a lack of basic safety management and systemic negligence as the primary drivers of the incident.

The scale of this breach highlights a growing tension between rapid corporate expansion and the necessity of robust data governance. While Coupang built its market dominance by leveraging massive datasets to optimize its logistics and retail services, the Personal Information Protection Commission concluded that the company’s internal security infrastructure failed to scale alongside its business operations. Beyond the primary fine, a subsidiary, Coupang Fulfillment Services, was also penalized for the unauthorized collection of data used to maintain employment restriction lists, further complicating the company’s regulatory standing.

This incident has evolved into a complex geopolitical issue, straining relations between South Korean authorities and U.S. investors. Because Coupang is U.S.-listed, major stakeholders have accused South Korean regulators of discriminatory enforcement, prompting pushback from local lawmakers who view the pressure as an attempt to influence domestic legal proceedings. For Coupang, the fallout is both financial and reputational; the company has already warned of slowing revenue growth following the breach, and its stock has declined significantly this year. As the company considers a legal challenge to the ruling, the case serves as a stark reminder of the mounting costs associated with cybersecurity negligence in an era of heightened regulatory scrutiny.