“This incident was caused not by a sophisticated hacking method, but by Coupang’s inadequate basic safety management system and negligent management,” said Kyung Hee Song, the chairperson of the regulator. “The company grew rapidly by using large-scale customer data to deliver innovative e-commerce services, but investigation found that its personal information protection and management systems failed to keep pace.”
Coupang, South Korea’s leading online retailing platform, has been under fire after regulators discovered a former employee improperly accessed personal information from nearly 34 million accounts, or about two-thirds of the country’s population, undetected for months.
Coupang said it regretted the regulator’s decision, which “did not fully reflect Coupang’s proactive measures to prevent secondary harm following last year’s data leak.”
“Once we receive the commission’s formal written decision, we hope the facts will be clearly established through the legal proceedings,” it added in a statement released after the decision was announced. Under Korean law, the company could still challenge the ruling in court.
Of the fine, 423.6 billion won was imposed for leaking personal data and 201.1 billion won for non consensual data collection, regulators said. They also imposed a separate 248 million won fine on Coupang Fulfillment Services, Coupang’s logistics subsidiary, for unlawfully collecting personal information and using it to place individuals on an employment restriction list.
