Coupang is facing a record fine from South Korean authorities. The Personal Information Protection Commission handed down a penalty of 624 billion won (over $400 million) after a data breach exposed the personal information of more than 34 million customers—roughly two-thirds of South Korea's entire population.
The breach, discovered in December 2025 according to TechCrunch, was orchestrated by a former employee who accessed names, email addresses, shipping addresses, phone numbers, and complete order histories.
Seoul's Personal Information Protection Commission issued the maximum penalty on Thursday. Coupang, which operates out of the U.S. but dominates the Asian e-commerce space, says it plans to challenge the decision.
Korean lawmakers have accused American counterparts of applying political pressure in response to the case. Reports suggest U.S. representatives attempted to link the data breach to bilateral U.S.-South Korean relations—a move that has drawn criticism on both sides.
The fine comes at a difficult moment for Coupang, which had positioned itself as a trusted logistics and retail powerhouse across Asia. U.S. tech firms rarely face criminal prosecution or major financial penalties for data breaches domestically, but international regulators are applying stricter standards.
Coupang told BBC News it intends to fight the decision. The company now faces a PR crisis and a substantial bill—a warning for any retailer handling large volumes of customer data.
