South Korea’s Personal Information Protection Commission has imposed a record fine of about 624 billion won, or more than $400 million, on Coupang after a data breach exposed the personal information of more than 34 million customers.
The regulator issued the penalty on Thursday after discovering the breach in December 2025. Coupang, which is headquartered in the U.S. and widely used in South Korea, told BBC News it plans to challenge the decision.
Customer Data Exposed
The breach affected about two-thirds of South Korea’s population, according to the company’s earlier disclosure. Coupang said a former employee obtained customer names, email and shipping addresses, phone numbers, and order histories.
In an official update on the cybersecurity incident, Coupang said it had prepared a 1.685 trillion won customer compensation plan. The company said the plan applied to 33.7 million customer accounts that were notified about the personal information leak at the end of November.
Regulator Issues Maximum Penalty
The Personal Information Protection Commission issued the maximum penalty after reviewing the breach. Reuters reported that the fine totaled about 625 billion won, or $409 million, and marked South Korea’s largest penalty for a data breach.
The regulator’s action represents a rare financial penalty against a U.S.-based company over a major data incident. Coupang is based in the U.S. but has a large customer base and major operations in South Korea.
Coupang Plans To Challenge Decision
Coupang told BBC News that it plans to challenge the regulator’s decision. The company has not provided further details in the source article about the legal grounds for its challenge.
The case has also drawn political attention. Korean lawmakers have accused some U.S. counterparts of applying political pressure after reports that U.S. representatives were linking the breach case to U.S.-South Korea bilateral ties.
U.S. companies rarely face financial sanctions or criminal prosecution for data breaches because of limited laws and enforcement powers in the country. TechCrunch reported that the Coupang fine stands out because of its size and because it was issued against a U.S.-based firm.
Featured image credits: Wikimedia Commons
For more stories like it, click the +Follow button at the top of this page to follow us.