Coupang Hit With Record 624.6 Billion Won Fine Over Data Breach

[Anchor]

The Personal Information Protection Commission (PIPC) has decided to impose a record-breaking fine of over 600 billion won on Coupang and its affiliates. The decision comes in response to a massive data breach as well as the unauthorized collection of user activity records.

Reporter Choi Seung-hun has the story.

[Reporter]

The total fine the Personal Information Protection Commission has decided to impose on Coupang following a massive personal data breach is 624.681 billion won.

Along with a penalty of 16.8 million won, the commission also issued corrective orders and referred the case for criminal investigation. Additionally, it imposed a separate fine of 248 million won on its affiliate, Coupang Fulfillment Services (CFS).

The PIPC determined that this incident stemmed from a failure in basic management.

[Song Kyung-hee / Chairperson of the Personal Information Protection Commission: It has been confirmed that this incident was not caused by sophisticated hacking, but rather by Coupang's inadequate basic safety management systems and negligence.]

The commission stated that poor management of authentication signature keys and weak access controls allowed a former employee to exploit these keys, resulting in the leakage of personal information belonging to approximately 37.55 million people.

Violations regarding the obligation to notify users of data breaches and the duty to destroy personal information were also identified.

The commission also confirmed that Coupang failed to guarantee the independence of its Chief Privacy Officer (CPO) and obstructed the investigation.

The issues did not stop at the data breach.

The PIPC concluded that Coupang collected the browsing history of approximately 11.17 million members on external websites and apps without a legal basis.

The commission judged that Coupang stored data such as the time of access to sites featuring Coupang advertisements and IP addresses in a format that allowed for personal identification.

Coupang was also criticized for failing to prevent so-called "ad hijacking," which forcibly redirects users to the Coupang site, thereby allowing their usage records to be collected.

Furthermore, the PIPC ruled that it was illegal for CFS to manage a list of National Police Agency press corps members on a restricted employment list.

The fine imposed on Coupang is the largest in history, far exceeding the previous record of 134.7 billion won levied against SK Telecom.

While Coupang apologized for causing concern to its customers and the public, it stated that its proactive measures and explanations regarding the facts were not sufficiently reflected in the PIPC's decision. The company added that it hopes the facts will be clarified through legal proceedings.

(Reported by Cho Chun-dong | Video by Park Ji-in)
※ Please note: This article was translated by AI and may contain errors.