South Korea fines Coupang $409 million for data breach
The penalty against the e-commerce platform is the largest ever issued by Seoul's privacy commission, nearly five times the previous record.
South Korea's Personal Information Protection Commission has levied a 622 billion won ($409 million) fine against Coupang, the country's dominant e-commerce platform, for a personal data breach. The penalty is the largest ever issued by the commission and substantially exceeds the 134.8 billion won ($88.8 million) fine imposed on SK Telecom earlier in 2026.
The fine represents a sharp escalation in enforcement by South Korean regulators, who have historically imposed penalties measured in tens of millions rather than hundreds. The commission's willingness to impose fines approaching half a billion dollars signals a new baseline for data protection enforcement in one of Asia's most digitally connected economies.
Coupang, which operates logistics networks and streaming services in addition to its core retail platform, holds extensive personal and payment data on tens of millions of South Korean consumers. The company has not publicly disclosed the scope of the breach, the number of affected users, or the nature of the compromised data.
- 01E-commerce and fintech platforms in South Korea face materially higher compliance costs and breach liability.
- 02Multinational technology firms must reassess risk models for data handling in Korean operations.
- 03Insurers underwriting cyber liability in Asia will likely reprice coverage for South Korean exposure.
- 04Privacy officers at firms with Korean subsidiaries should audit breach notification and remediation protocols.