South Korean President Lee Jae Myung on Tuesday called for stricter penalties on corporate negligence after e-commerce giant Coupang reported the country’s largest data breach in over a decade. Personal data of some 33 million customers were leaked, far exceeding the platform’s active user base of 24.7 million. The breach, which reportedly began in June but was reported to authorities in November, exposed customer names, email and home addresses, and phone numbers.
Why It Matters
The incident has highlighted serious gaps in corporate cybersecurity and delayed reporting. Under current South Korean law, companies failing to protect personal data face fines up to 3% of annual revenue, which could exceed 1 trillion won ($680 million) for Coupang. The breach raises concerns about trust in digital services and the protection of personal information in an increasingly digital and AI-driven economy.
Coupang is under investigation by police and may face fines or a class-action lawsuit. The company’s CEO, Park Dae-jun, has indicated a former engineer may have been responsible, though others could be involved. Customers affected by the breach have had their personal information exposed. Lawmakers and President Lee are pushing for accountability, while the company’s founder, Bom Kim, has been urged to address the public personally. SoftBank Group, Coupang’s major investor, also has a stake in the fallout.
What’s Next
The government plans to review fines and punitive measures for data breaches, aiming to hold those responsible fully accountable. Coupang continues to cooperate with the investigation while addressing security vulnerabilities. Lawmakers may introduce tougher regulations, and potential lawsuits from affected customers could move forward in the coming months. Public scrutiny is likely to prompt both corporate and legislative changes in South Korea’s data protection framework.
With information from Reuters.