Coupang Hit With Record 624.6 Billion Won Fine Over Data Breach

[Anchor]

The Personal Information Protection Commission (PIPC) has decided to impose a record-breaking fine of over 600 billion won on Coupang and its affiliates. The decision comes in response to a massive data breach as well as the unauthorized collection of user activity records.

Reporter Choi Seung-hun has the details.

[Reporter]

The total fine the Personal Information Protection Commission has decided to impose on Coupang following a massive data breach is 624.681 billion won.

Along with a fine of 16.8 million won, the commission also issued corrective orders and decided to file criminal complaints. Additionally, it imposed a separate fine of 248 million won on its affiliate, Coupang Fulfillment Services (CFS).

The PIPC determined that the incident stemmed from fundamental negligence in management.

[Song Kyung-hee / Chairperson of the Personal Information Protection Commission: It has been confirmed that this incident was not caused by a sophisticated hacking attempt, but rather by Coupang's inadequate safety management system and negligence.]

The commission stated that poor management of authentication signature keys and weak access controls allowed a former employee to misuse the keys, resulting in the leak of personal information belonging to approximately 37.55 million people.

Violations regarding the obligation to notify users of data breaches and the duty to destroy personal information were also identified.

The commission also confirmed that Coupang failed to ensure the independence of its Chief Privacy Officer (CPO) and obstructed the investigation.

The issues did not stop at the data breach.

The PIPC found that Coupang collected the browsing history of approximately 11.17 million members on external websites and apps without a legal basis.

The commission determined that the company stored information such as the time spent on sites featuring Coupang advertisements and IP addresses in a format that allowed for personal identification.

Coupang was also criticized for failing to address so-called "ad hijacking," where users were forcibly redirected to the Coupang website, allowing their activity records to be collected.

Furthermore, the PIPC ruled that it was illegal for CFS to manage a list of police press corps members as part of its employment restriction list.

The fine imposed on Coupang is the largest in history, far exceeding the previous record of 134.7 billion won issued to SK Telecom.

While Coupang apologized for causing concern to its customers and the public, it stated that its proactive measures and explanations regarding the facts were not sufficiently reflected in the PIPC's decision. The company added that it looks forward to having the facts clarified through legal proceedings.

Reported by Choi Seung-hun | Video by Jo Chun-dong | Video Editing by Park Ji-in
※ Please note: This article was translated by AI and may contain errors.