Coupang Fined Record 620 Billion Won Over Massive Data Breach Involving Non-Members

[Anchor]

Coupang has been hit with a record-breaking fine of over 600 billion won for a massive personal data breach. It has been confirmed that the incident compromised not only the information of 33 million members but also the personal data of 4.33 million non-members, including their family members and acquaintances.

Reporter Jeong Jun-ho has the story.

[Reporter]

The massive personal data breach at Coupang occurred last November.

Seven months after launching an investigation, the Personal Information Protection Commission (PIPC) has decided to impose a fine of 620 billion won on Coupang.

This amount is more than four times the 134.7 billion won fine previously imposed on SK Telecom for a data breach involving 23 million customers.

It is the largest fine in history.

The penalty consists of 420 billion won for the personal data breach and 200 billion won for the unauthorized collection of online activity data from over 10 million members.

The number of victims grew during the investigation process.

In addition to 33.22 million members, the personal information of 4.33 million non-members—such as family and acquaintances listed in delivery addresses—was also leaked.

A total of approximately 37.5 million people were affected, with their names, phone numbers, addresses, apartment building entrance codes, and order histories exposed.

The government stated that Coupang failed to maintain even basic safety management protocols.

Management of authentication keys was so lax that a former employee could freely access the accounts of all members, and there was no follow-up action taken even after suspicious activity was detected on pages containing personal information.

[Song Kyung-hee / Chairperson of the Personal Information Protection Commission: This incident was not caused by sophisticated hacking methods, but rather by Coupang's inadequate basic safety management systems and negligence.]

The company also obstructed the investigation by deleting five months' worth of access logs, despite a government order to preserve evidence.

[Kim Seung-joo / Professor at Korea University's Graduate School of Information Security: It seems to clearly demonstrate that 'companies uncooperative with investigations will face higher fines'... In fact, such obstruction of investigations is viewed very seriously in foreign countries as well.]

Separately, the PIPC imposed a fine of 220 million won on Coupang Fulfillment Services, a logistics subsidiary, for unauthorized collection of personal information of 71 reporters from the National Police Agency press corps and registering them on a blacklist for employment restrictions.

Reported by Jeong Jun-ho | Video by Jo Chun-dong | Video Editing by Park Ji-in
※ Please note: This article was translated by AI and may contain errors.