"Ten Times SKT"... Will Coupang Face a Record Fine of 1.334 Trillion Won?

[Financial News] A massive customer data breach involving 33.7 million records has occurred at Coupang, the nation’s largest e-commerce company. The government is reportedly planning to impose the maximum legal fine, which could reach 1.33 trillion won—equivalent to 3% of Coupang’s total revenue last year. This would mark the largest fine ever imposed on a company by the government.
On the 1st, New Daily reported, citing a government source familiar with the Coupang data breach, that the Personal Information Protection Commission (PIPC) plans to impose a fine on Coupang equivalent to 3% of its annual revenue, as stipulated by the Personal Information Protection Act.
The revised Article 64 of the Personal Information Protection Act, enacted in 2023, allows for a fine of up to 3% of a company’s total revenue in the event of a personal data leak.
A government official told New Daily, "Although the Personal Information Protection Commission does not publicly disclose the fine ceiling, internally, the plan is to impose the maximum penalty given the seriousness of the incident. The government and the PIPC are taking a very firm stance on Coupang’s data breach. Coupang will need to make significant efforts in post-incident measures to reduce the fine as much as possible."
On the same day, the Office of the President of South Korea stated, "The Coupang incident should serve as a catalyst for implementing punitive damages."
Under the Personal Information Protection Act, the fine for Coupang will be determined based on its 2024 revenue after accounting is finalized. Coupang’s revenue last year was 30.268 billion dollars, equivalent to 44.4727 trillion won. If the government imposes a fine equal to 3% of last year’s revenue, Coupang would face a penalty of about 1.334 trillion won.
In April, SK Telecom received a then-record fine of 134.79 billion won for a SIM card information leak.
However, if revenue unrelated to the violation is excluded and various mitigating factors are recognized, the actual fine could be lower.
Earlier, starting on the 30th of last month, the government launched a Public-Private Joint Investigation Team to conduct a full-scale investigation into the Coupang data breach. The team includes the Ministry of Science and ICT (MSIT) Cyber Incident Response Division, the Personal Information Protection Commission, the Office for Government Policy Coordination Science, Communications and Broadcasting Policy Division, and the Seoul Metropolitan Police Agency (SMPA) Cyber Investigation Division.
Meanwhile, on this day, fourteen victims of the Coupang data breach filed the first lawsuit against Coupang, seeking 200,000 won each in damages.
y27k@fnnews.com Seo Yoon-kyung Reporter