South Korean Government Moves to Impose Heavier Penalties After Massive Coupang Data Leak
Updated (2 articles)
Scale of breach reveals millions of exposed records The breach disclosed on Dec 1 exposed personal details of either roughly 10 million customers (as reported by the Justice Ministry) or 33.7 million customers according to Coupang’s own statement, showing a massive discrepancy in initial estimates[1][2]. Exposed data included names, addresses, phone numbers, email addresses, delivery details, and credit‑card information, indicating a comprehensive compromise of user profiles[1][2]. The leak sparked immediate public concern and heightened scrutiny of e‑commerce data safeguards[1].
Justice Minister announces review of privacy legislation Justice Minister Lee Jae‑yeong declared that the Ministry of Justice will examine the Personal Information Protection Act and related regulations to close gaps that allowed the breach[1]. Lee urged the government to tighten penalties for data‑breach violations, though he did not set a specific timeline for legislative changes[1]. The minister’s call reflects growing political pressure to hold corporations accountable for inadequate data protection[1].
Potential fines could reach billions under existing law South Korean privacy law permits fines up to 3 % of a company’s annual revenue for severe data breaches[2]. The precedent of SK Telecom’s 134.8 billion‑won fine illustrates the scale of penalties that could be applied to Coupang[2]. Analysts estimate that a fine based on Coupang’s 2025 revenue could amount to several hundred billion won, intensifying the company’s financial exposure[2].
Industry and consumer groups demand swift action Rival platforms Gmarket and SSG.com launched emergency security audits and reinforced inspections following the incident[2]. A coalition of 12 consumer organizations called for transparent disclosure of the breach’s cause, a detailed compensation plan, and anti‑phishing measures[2]. Coupang reported a 1.9 trillion‑won IT investment this year, including 89 billion won earmarked for information protection, yet the breach exposed systemic control weaknesses[2].
Sources (2 articles)
-
[1]
Yonhap: South Korean Justice Minister Calls for Stricter Penalties After Coupang Data Leak: reports the minister’s intent to review privacy law, cites a 10 million‑customer breach figure, and notes lack of a deadline for reforms.
-
[2]
Yonhap: Coupang Faces Potential Fine After 33.7 Million Customer Data Leak: details the larger 33.7 million‑customer breach, outlines possible fines up to 3 % of revenue, and highlights industry and consumer reactions.
Timeline
2020 – SK Telecom receives a 134.8 billion‑won fine under South Korea’s privacy law after a data breach, illustrating the maximum penalty of up to 3 % of a company’s revenue that regulators can impose. [1]
2025 (throughout the year) – Coupang invests 1.9 trillion won in IT, including 89 billion won earmarked for information‑protection systems, signaling a major push to bolster cybersecurity before the later incident. [1]
Dec 1, 2025 – Coupang announces that personal data of 33.7 million customers has been compromised, far exceeding the earlier estimate of 4,500 cases and exposing names, phone numbers, email addresses, and delivery details, sparking nationwide alarm over e‑commerce privacy. [1]
Dec 1, 2025 – Justice Minister Lee Jae‑yeong declares that the government will review and tighten penalties under the Personal Information Protection Act, citing the Coupang breach (which exposed roughly 10 million customers’ names, addresses and credit‑card details) as a catalyst for reform. [2]
Dec 1, 2025 – Competitors Gmarket and SSG.com launch emergency security checks and strengthen inspections, reflecting an industry‑wide scramble to audit data‑protection practices after the Coupang incident. [1]
Dec 1, 2025 – A coalition of 12 consumer organizations demands transparent disclosure of the leak’s cause, a detailed compensation plan, and anti‑phishing measures, underscoring public pressure for corporate accountability. [1]
Dec 1, 2025 – Analysts warn that Coupang could face fines up to 3 % of its revenue under Korean law, a penalty comparable to the 134.8 billion‑won fine levied on SK Telecom, highlighting the severe financial stakes of the breach. [1]