South Korean President Calls for Harsher Penalties After Coupang Leak Affects 34 Million Users
Updated (2 articles)
Scale of the breach shocks regulators and public The June 2025 intrusion into Coupang’s servers exposed personal data—names, addresses, phone numbers—of roughly 34 million customers, the largest data‑leak in South Korean history [1][2]. The company only detected the breach in December, five months after the initial exfiltration began on overseas servers [2]. The delayed discovery amplified concerns about corporate monitoring and notification practices.
Former Chinese employee identified as likely culprit Police investigations traced the illicit IP address to a former employee of Chinese nationality who had already left South Korea [1][2]. Authorities continue to track his digital footprints while confirming his role as the primary actor behind the data exfiltration [1]. The suspect’s departure complicates extradition and prosecution efforts.
President Lee demands stronger penalties and punitive damages At a cabinet meeting on Dec 2, President Lee Jae Myung urged the adoption of a punitive damages regime that would impose compensation beyond actual losses to deter future leaks [1]. He called for a “paradigm shift” in digital security, directing ministries to mobilize resources against secondary harms such as identity theft [1]. The administration plans to fast‑track legal reforms to embed harsher sanctions.
Chief of staff highlights flaws in current punitive‑damages system Kang Hoon‑sik, the presidential chief of staff, warned that the existing punitive‑damages mechanism is “virtually not functioning,” limiting its deterrent effect [2]. He tasked the Ministry of Science and ICT and the Personal Information Protection Commission with reporting on institutional reforms and corporate security support [2]. The critique underscores a gap between policy intent and practical enforcement.
Government prepares comprehensive institutional response Beyond penalties, the cabinet ordered a full investigation into the breach’s cause and mandated ministries to develop safeguards against secondary damage [1]. Plans include deploying all available resources to prevent fraud and identity theft stemming from the leaked information [1]. The coordinated effort aims to restore public confidence in South Korea’s digital ecosystem.
Sources (2 articles)
-
[1]
Yonhap: Lee Calls for Stronger Penalties After Coupang Data Breach: reports President Lee’s push for harsher sanctions, punitive‑damages system, and resource mobilization against secondary harm, citing the breach of 34 million users and suspect identification .
-
[2]
Yonhap: Coupang Data Breach Highlights Weaknesses in South Korea’s Punitive Damages System: emphasizes the ineffective punitive‑damages framework, calls for institutional reforms, and details the breach affecting over 33 million users and the former employee perpetrator .
Timeline
June 2025 – A former Chinese employee exploits overseas servers to exfiltrate personal data of nearly 34 million Coupang users, including names, addresses and phone numbers, marking the largest data‑leak incident in South Korean history [1][2].
Early December 2025 – Coupang finally detects the breach after five months, alerts authorities and begins cooperating with police to trace the IP address used in the theft [1][2].
Dec 1 2025 – President Lee Jae Myung receives a presidential briefing on the incident; chief of staff Kang Hoon‑sik declares the punitive‑damages mechanism “virtually not functioning,” cites the breach’s exposure of 33 million customers, and orders the Ministry of Science and ICT and the Personal Information Protection Commission to propose institutional reforms [2].
Dec 2 2025 – At a Cabinet meeting, President Lee calls for harsher sanctions and the adoption of a punitive‑damages system that imposes compensation beyond actual losses, urges a “paradigm shift” in digital security, and directs the administration to mobilize resources to prevent secondary harms such as identity theft [1].
Dec 2025 (ongoing) – Police confirm that the suspect is the former Chinese employee who left South Korea, and investigators continue tracking the breach’s IP address to assess the full scope of secondary damage [1][2].