SOUTH Korea's Personal Information Protection Commission (PIPC) has imposed a historic fine of 624.7 billion won (approximately 409 million USD) on Coupang for a data breach in 2025 that compromised sensitive customer information of 37.5 million individuals. This fine is five times larger than previous records in the country, highlighting significant operational failures at Coupang, specifically in key management and access control.
The breach was traced back to a former engineer who exploited an unrevoked cryptographic signing key, allowing unauthorized access for several months. PIPC's stringent enforcement actions reflect a robust approach to data protection in South Korea.