South Korea's data protection regulator has imposed a record fine of 624.7 billion won (approximately $409 million) on Coupang, the country's dominant e-commerce platform, over a massive data breach that exposed the personal information of around 37.5 million users. The Personal Information Protection Commission announced the penalty on Thursday, describing it as the largest ever levied against a single company for privacy violations in South Korea — more than triple the previous record fine of 134.8 billion won imposed on mobile carrier SK Telecom in August 2025.
The total fine consists of 423.6 billion won for the data breach itself and an additional 201.1 billion won for separate violations, including the unauthorised collection of online activity records — such as websites and apps visited — belonging to around 11.17 million users on third-party platforms. Regulators also fined Coupang's logistics arm, Coupang Fulfillment Services, 248 million won for additional privacy infractions, including maintaining an employment restriction list targeting journalists. Commission chairperson Song Kyung-hee was emphatic that negligence, not sophisticated hacking, was to blame.