South Korea has imposed a record privacy fine on Coupang after a large-scale data leak exposed customer information and triggered fresh concerns about ecommerce security. The breach reportedly involved names, phone numbers, delivery addresses and purchase history, making it one of the most serious customer data exposure cases linked to the country’s online retail industry.
The Personal Information Protection Commission said its investigation found weaknesses in Coupang’s data protection systems. The regulator stated that poor access controls and improper handling of authentication signing keys contributed to the exposure of customer information. Coupang, one of South Korea’s biggest online shopping platforms, has said it regrets the concern caused to customers but plans to challenge the decision through legal steps.
Millions of users affected
The case became a major privacy issue after investigators found that about 37.5 million users were affected by the breach. That figure represents a significant share of South Korea’s population and shows how deeply ecommerce platforms are connected to daily consumer life. Online retailers collect large amounts of personal data for ordering, delivery, payment processing and purchase tracking, which makes strong cybersecurity systems essential.
The regulator imposed a fine of 423.6 billion won over the personal data leak. A separate penalty of 201 billion won was also added over claims that user information was collected without proper consent. Together, the penalties signal a tougher approach by South Korean authorities toward companies that fail to protect sensitive customer data.
Security gaps under review
The Coupang data breach has put the spotlight on basic but critical security practices, especially access control and authentication key management. If these controls are weak, customer records can become vulnerable to unauthorized access. Delivery addresses and purchase history may seem routine, but such details can be misused for scams, profiling or targeted fraud.
For customers, the incident is a reminder to monitor suspicious messages, avoid unknown links and update passwords where needed. For ecommerce companies, the case sends a clear message that privacy protection is not just a compliance requirement but a core part of customer trust.
Company prepares legal challenge
Coupang has said it will review the official decision and present its position through legal procedures. The company also said it has taken steps to reduce further damage and improve security after the incident. However, the case is likely to remain under close public and regulatory attention because of the scale of the leak and the size of the penalties.
The outcome could influence how South Korea handles future data protection cases involving large technology and retail platforms. As online shopping continues to grow, companies will face greater pressure to protect customer information, strengthen internal controls and prove that privacy is being treated as a serious business responsibility.