Data protection watchdog says e-commerce giant failed to implement safety measures and delayed reporting breach.By AFP and ReutersPublished On 11 Jun 202611 Jun 2026South Korea has hit e-commerce giant Coupang with a record $408m fine over a leak that allegedly exposed the data of more than 30 million customers and provoked the ire of US lawmakers.The Personal Information Protection Commission said on Thursday that the New York-listed company had leaked personal data of more than 33 million customers and failed to report the breach within the 72 hours required by the law.Recommended Stories list of 4 itemsend of list“This accident occurred due to Coupang’s lack of safety measures and systems, not sophisticated hacking,” Song Kyung-hee, the chairperson of the privacy regulator, told a briefing on Thursday.Coupang “delayed breach notifications”, Song said.“As a result, those individuals were unaware of the breach and deprived of the opportunity to take steps to prevent secondary harm,” she said.After the fine was announced, Coupang apologised for having caused concern to the public and its customers.But the company said that “we regret that our proactive measures to prevent secondary harm from last year’s data leak incident, as well as our explanations based on clear facts, were not sufficiently reflected” in the regulator’s decision.Coupang, which is based in Seattle, the United States, but generates most of its revenue in South Korea, signalled that it would challenge the fine in court.The fine is by far the largest ever penalty for a data leak in South Korea, far exceeding the previous record of an $88m fine imposed last year on mobile carrier SK Telecom.The penalty follows a finding by a government-led investigation earlier this year that blamed the breach on management failure. A …
