South Korea fines Coupang $400M+ for massive data breach

South Korean authorities have imposed a record-breaking fine of $624 billion won (over $400 million) on retail giant Coupang after a data breach last year compromised the personal data of more than 34 million customers. Seoul’s Personal Information Protection Commission issued the maximum penalty on Thursday following discovery of the breach in December 2025. The retail giant, which is headquartered in the U.S.

but popular in South Korea and likened to the “Amazon of Asia,” had said the months-long data breach allowed a former employee to obtain names, email and shipping addresses, phone numbers and order histories of about two-thirds of South Korea’s population. Coupang told BBC News that it plans to challenge the regulator’s decision. The fine represents a rare case of a financial penalty issued against a U.S.-based firm.

Korean lawmakers have accused some of their American counterparts of imposing political pressure after reports that U.S. representatives were linking the data breach with U.S.-South Korean bilateral ties in response to the case against Coupang’s executives. U.S.

companies rarely face financial sanctions or criminal prosecution for data breaches as a result of lacking laws and enforcement powers. The fine against Coupang marks a significant enforcement action by South Korean authorities, highlighting the growing scrutiny of data protection practices among global companies operating in the country. This move is likely to have far-reaching implications for businesses handling sensitive customer data, particularly those in the e-commerce sector.

As data breaches continue to pose a major threat to consumer trust and security, regulators around the world are stepping up their efforts to hold companies accountable for protecting personal information. The outcome of Coupang’s planned challenge to the fine will be closely watched, with potential consequences for the broader industry. The case also raises questions about the adequacy of data protection laws and enforcement mechanisms in the U.S.

and their impact on American companies operating abroad.