Coupang Hit with Record 624.6 Billion Won Fine; Company Apologizes While Contesting Decision

[Anchor]

The Personal Information Protection Commission (PIPC) has decided to impose a record-breaking fine of over 600 billion won on Coupang and its affiliates. The penalties stem not only from a massive data breach but also from the unauthorized collection of user activity records.

Reporter Choi Seung-hun has the story.

[Reporter]

The total fine the Personal Information Protection Commission (PIPC) has decided to impose on Coupang following a massive personal data breach is 624.681 billion won.

Along with a fine of 16.8 million won, the commission also issued corrective orders and referred the case for criminal investigation. Additionally, a separate fine of 248 million won was imposed on its affiliate, Coupang Fulfillment Services (CFS).

The PIPC concluded that the incident was caused by fundamental negligence in management.

[Song Kyung-hee / Chairperson of the Personal Information Protection Commission: It has been confirmed that this incident was not caused by sophisticated hacking, but rather by Coupang's inadequate safety management systems and negligence.]

The commission stated that poor management of authentication keys and access controls allowed a former employee to misuse a key, resulting in the leakage of personal information belonging to approximately 37.55 million people.

Violations regarding the duty to notify users of data breaches and the obligation to destroy personal information were also cited as issues.

The commission also confirmed that the independence of the Chief Privacy Officer (CPO) was not guaranteed and that there were circumstances indicating obstruction of the investigation.

The issues did not stop at the data breach.

The PIPC determined that Coupang collected the browsing history of approximately 11.17 million members on external websites and apps without a legal basis.

The commission judged that the company stored information such as the time of access to sites featuring Coupang advertisements and IP addresses in a state that allowed for personal identification.

Coupang was also criticized for failing to address "ad hijacking," where users are forcibly redirected to the Coupang site, which led to the collection of user activity records.

Furthermore, the PIPC ruled that it was illegal for CFS to manage a list of police press corps members as part of a list of individuals restricted from employment.

The fine imposed on Coupang is the largest in history, far exceeding the previous record of 134.7 billion won imposed on SK Telecom, by more than four times.

Coupang stated that it apologizes for causing concern to its customers and the public. However, the company also expressed that its proactive measures and explanations regarding the facts were not sufficiently reflected in the PIPC's decision, adding that it hopes the facts will be clarified through legal proceedings.

(Reported by Cho Chun-dong | Video by Park Ji-in)
※ Please note: This article was translated by AI and may contain errors.