PIPC concludes probe into Coupang data leak, to decide penalty as early as June
The headquarters of e-commerce platform Coupang in Songpa District, southern Seoul (Yonhap)
Korea's data protection watchdog has concluded its probe into a massive data leak at e-commerce giant Coupang, with its final decision on the level of punishment expected to be made next month at the earliest, sources said on Tuesday.
The Personal Information Protection Commission (PIPC) recently concluded its investigation into the data breach that affected over 33 million Coupang customers and notified the company of the results early last month, according to security industry sources.
The notification reportedly included Coupang's suspected violations of the Personal Information Protection Act, along with potential corrective measures the agency may take. However, it did not include any specific amount of penalties, according to the sources.
Under its regulations, the PIPC must notify alleged violators of the data protection law of its punitive measures and provide an opportunity for them to submit their opinions for a minimum period of 14 days.
In its opinion, Coupang reportedly pushed back against the overall direction of the watchdog's potential measures.
Industry sources believe a finalized penalty decision will likely be made as early as next month, with the PIPC reportedly aiming to close the case within the first half of the year.
Under the data protection law, companies that suffer personal information leaks can be fined up to 3 percent of their average annual sales in the past three years, though sales from businesses unrelated to the violation can be excluded.
Based on the 2025 sales of Coupang's U.S.-listed parent company, which stood at approximately 49 trillion won ($33 billion), the regulator could theoretically levy a fine as high as around 1.5 trillion won.
Last year, the PIPC fined SK Telecom 134.8 billion won over a data leak, marking the largest penalty imposed by the regulator.
Coupang reported the data breach in November 2025. The breach exposed customers' personal information, including names, phone numbers and delivery details.
A joint public-private probe into the breach confirmed in February that over 33.6 million accounts had been exposed.