South Korea’s data protection authority has hit Coupang — one of the world’s largest e-commerce platforms — with a record fine of $409 million (624.6 billion won) following a data breach that exposed the personal information of over 37 million customers. The regulator found that Coupang had an inadequate security system in place, specifically criticising poor management of authentication and encryption keys.
Investigators found that a former Chinese IT employee retained unauthorised access to the company’s systems for an extended period, during which data belonging to approximately 3,000 accounts was taken. More broadly, the breach affected authentication records and personal information for tens of millions of shoppers on the platform. The fine is the largest ever handed out under South Korea’s data protection law. Coupang, which is headquartered in the United States and operates primarily in South Korea with around 95,000 employees, has announced it will pay compensation to affected customers — roughly $34 per person in shopping vouchers.
How to check if you’re affected
Affected products include the Coupang e-commerce shopping platform and Coupang Play streaming service. If you have ever created an account or made a purchase on Coupang, your personal information may have been part of the breach.
- Check your email for official notifications from Coupang about the breach or compensation vouchers.
- If you used the same password on Coupang as on other sites, change it immediately on those other sites.
- Review your bank or credit card statements for any unusual charges you don’t recognise.
- Consider using a password manager to keep shopping accounts separate with unique, strong passwords.
Sources
- BleepingComputer: South Korea hits Coupang with record $409 million fine over data breach