South Korea's data protection regulator, the Personal Information Protection Commission (PIPC), has imposed a record fine of 624.6 billion won (roughly $409 million) on e-commerce giant Coupang following a massive data breach that affected more than 37 million customers.
Its subsidiary Coupang Fulfillment Service was also fined 248 million won for illegally collecting, using, and handling customers' personal information and confidential data.
It was also revealed that the personal information of roughly 37.55 million people was leaked due to deficiencies in security measures such as inadequate authentication key management and access control.
PIPC also cited breaches of data destruction and breach notification requirements, interference with the independence of Coupang's data protection officer, and obstruction of investigations.
PIPC announced, "The personal information of roughly 37.55 million people was leaked due to insufficient basic security management systems, such as negligent management of authentication signature keys and negligent access control." "For Coupang's violation of security measures and collection of personal information without legal basis, we imposed a fine of 624,681 million won and a fine of 16.8 million won, as well as a correction order, public notice, and publication order."
Coupang is an American online retail company operating in the Korean market with 95,000 employees and reported annual revenues of more than $30 billion.
In late December, the company announced plans to pay 1.685 trillion won (roughly $1.17 billion) to compensate more than 33 million affected customers and to begin distributing single-use purchase vouchers totaling 50,000 won (roughly $34) per customer in January 2026.
The breach, one of the worst in South Korean history, occurred in late June but was only discovered in mid-November, when the company warned that 33.7 million accounts had been compromised.
According to South Korean authorities who took over the investigation, the primary suspect is a 43-year-old Chinese national who worked in Coupang's IT division from 2022 to 2024.
Coupang later said a former employee returned several hard drives containing sensitive data. The suspect also threw a MacBook Air laptop into the river in an attempt to destroy evidence, but the device was recovered. Coupang also added that although the suspects accessed millions of accounts, they retained user data for roughly 3,000 accounts, and that this data was deleted from all devices and not transferred to other devices.
SK Telecom, South Korea's largest mobile network operator, also warned customers in April that sensitive USIM data had been compromised after its network was infected with malware. The company later revealed that the malware was first introduced into its systems in June 2022, impacting a total of 27 million subscribers (nearly SK Telecom's entire customer base).

