Coupang Hit With Record 624.6 Billion Won Fine Over Data Breach

[Anchor]

The Personal Information Protection Commission (PIPC) has decided to impose a record-breaking fine of over 600 billion won on Coupang and its affiliate. The decision comes after investigations revealed not only a massive data breach but also the unauthorized collection of user activity records.

Reporter Choi Seung-hun has the details.

[Reporter]

The total fine the Personal Information Protection Commission has decided to impose on Coupang following a massive personal data breach is 624.681 billion won.

Along with a fine of 16.8 million won, the commission also issued a corrective order and decided to file a criminal complaint. A separate fine of 248 million won was imposed on its affiliate, Coupang Fulfillment Services (CFS).

The PIPC determined that the incident stemmed from fundamental negligence in management.

[Song Kyung-hee / Chairperson of the Personal Information Protection Commission: It has been confirmed that this incident was not caused by sophisticated hacking, but rather by Coupang's inadequate safety management system and negligence.]

The commission stated that poor management of authentication signature keys and weak access control allowed a former employee to misuse the keys, resulting in the leak of personal information belonging to approximately 37.55 million people.

Violations regarding the duty to notify users of data breaches and the obligation to destroy personal information were also identified.

The commission also confirmed that Coupang failed to guarantee the independence of its Chief Privacy Officer (CPO) and obstructed the investigation.

The issues did not stop at the data breach.

The PIPC found that Coupang collected the browsing history of approximately 11.17 million members on external websites and apps without a legal basis.

The commission determined that the company stored information such as the time spent on sites featuring Coupang advertisements and IP addresses in a format that allowed for personal identification.

Coupang was also criticized for failing to address so-called "hijacking ads" that forcibly redirected users to the Coupang website, which in turn allowed for the collection of user activity records.

Furthermore, the PIPC ruled that it was illegal for CFS to manage a list of police press corps members as part of a list of individuals restricted from employment.

The fine imposed on Coupang is the largest in history, far exceeding the previous record of 134.7 billion won imposed on SK Telecom.

Coupang issued an apology for causing concern to its customers and the public. However, the company stated that its proactive measures and explanations regarding the facts were not sufficiently reflected in the PIPC's decision, adding that it hopes the facts will be clarified through legal proceedings.

(Video reporting: Jo Chun-dong | Video editing: Park Ji-in)
※ Please note: This article was translated by AI and may contain errors.