South Korea’s Personal Information Protection Commission has levied a record fine exceeding $400 million on e-commerce giant Coupang following a significant data breach that exposed the personal information of over 34 million customers. This breach, which occurred in 2025, compromised sensitive data including names, email addresses, phone numbers, shipping addresses, and order histories.
The breach was discovered in December 2025, revealing that a former employee had accessed and obtained customer data over several months. Coupang, often referred to as the ‘Amazon of Asia,’ is headquartered in the United States but has a substantial presence in South Korea.
In response to the fine, Coupang has announced plans to challenge the regulator’s decision, as reported by BBC News. This penalty marks a rare instance of a U.S.-based company facing significant financial sanctions in South Korea. The situation has also sparked political tensions, with some Korean lawmakers accusing U.S. representatives of exerting political pressure by linking the data breach case to U.S.-South Korean bilateral relations.
Notably, U.S. companies seldom face financial penalties or criminal prosecution for data breaches due to the lack of stringent laws and enforcement mechanisms in the United States.
This substantial fine underscores the growing global emphasis on data protection and the serious consequences companies can face for failing to safeguard customer information. It also highlights the potential for international political ramifications stemming from corporate data security incidents.
Source: TechCrunch
