South Korea to fine Coupang for data leak

Published: 2026-05-12 00:05:08 ET CPNG

Published on 05/12/2026 at 12:05 am EDT

South Korea’s data watchdog finished an investigation into a massive data breach at e-commerce leader Coupang and will decide on penalties in June, industry sources reported on May 12, according to Yonhap News Agency.

The Personal Information Protection Commission (PIPC) notified the company of its findings in early April after probing a leak that exposed details of 33.6mn customers. The breach, first reported in November, included names, phone numbers and delivery addresses. This case is a major test for South Korean privacy law; the regulator is clearly looking to make an example of the country's biggest e-commerce player to signal that data negligence will no longer be tolerated at this scale.

Coupang reportedly challenged the PIPC findings during a mandatory 14-day opinion period. The watchdog aims to close the case by 1H26. Under current law, the regulator can fine companies up to 3% of average annual sales.

Based on the 2025 revenue of US-listed parent Coupang Inc. of KRW49 trillion ($32.2bn), the firm faces a theoretical maximum fine of KRW1.5 trillion ($1.01bn). For context, the PIPC handed its previous record penalty of KRW134.8bn ($90.72mn) to SK Telecom Co. (017670.KS) in 2025. A joint public-private investigation confirmed in February that 33.6mn accounts were compromised.

© 2026 bne IntelliNews, source Magazine