Source linked

كوريا الجنوبية تقتل كوبانج بـ409 مليون دولار بسبب إخراج بيانات العملاء 33 مليون دولار

economictimes.indiatimes.com@market_structure4 hours ago·Technology Policy·3 comments

وفرضت لجنة حماية البيانات الشخصية عقوبات على Coupang بسبب عدم اكتشاف وتسجيل انتهاكات تؤثر على أكثر من 33 مليون عميل في غضون 72 ساعة المحددة.

coupangpersonal information protection commissionsouth koreadata breachprivacy finecybersecurity

South Korea's Personal Information Protection Commission (PIPC) just dropped a $409 million hammer on Coupang — the country's largest data breach penalty — for leaking personal data of 33 million customers and blowing past the 72-hour reporting deadline.

That's not a symbolic slap. The fine targets a New York–listed e-commerce giant that failed on two fronts: the breach itself and the failure to detect and report it in time. PIPC isn't playing.

What the $409 Million Fine Says About South Korea's Privacy Enforcement

South Korea's Personal Information Protection Act mandates breach notification within 72 hours. Coupang didn't make that window. Combined with the sheer scale — 33 million customers exposed — the regulator decided to make an example.

For context, South Korea's previous record fine was about $78 million (against Google and Meta for privacy violations). This $409 million penalty is in a different league. PIPC is signaling that data security lapses carry serious financial consequences, especially when reporting is delayed.

The 72-Hour Clock That Coupang Missed

The 72-hour rule is one of the strictest in Asia. Companies operating in Korea must have incident response processes that can detect, assess, and notify authorities in three days. Coupang's failure to do so for a breach affecting over a third of its customer base suggests systemic gaps in monitoring.

Coupang has not publicly detailed the breach vector or how attackers accessed the data. But the PIPC's fine implies both negligence in protection and negligence in detection. That's a double hit.

Why This Matters for Every Company Operating in Korea

This isn't just Coupang's problem. Any company handling personal data of Korean residents — from e-commerce to fintech to cloud services — needs to audit their breach detection workflows. The 72-hour clock doesn't start when you discover the breach; it starts when the breach occurs. Miss it, and you face penalties that can reach hundreds of millions.

Expect other regulators in Asia to sharpen their own reporting clocks and penalty scales. Coupang just set a precedent.

Source: South Korea fines Coupang $409 million in country's largest data breach penalty
Domain: economictimes.indiatimes.com

Read original source ->

External source stays available while the OJO article and comment thread stay local.

More in Technology Policy

view topic
OpenAI Ties C2PA Provenance to EU Code of Practice for AI Content

OpenAI has been adding C2PA metadata and SynthID watermarks to DALL-E 3 images since 2024, and now commits to the European Commission's Code of Practice on Transparency.

Dario Amodei Calls for Mandatory AI Testing and Government Block Power

Anthropic CEO Dario Amodei proposes mandatory third-party testing for frontier AI models above a computing threshold, with government authority to block deployment if unacceptable risks are found.

Florida Cops Arrested a Man on a 93% Facial-Recognition Match - He Was 300 Miles Away

Robert Dillon spent days in jail after an AI flagged him as a suspect from a low-quality McDonald's surveillance still - despite license plate data showing he never visited the city.

US FISA Section 702 Reauthorization Faces Warrant Requirement Impasse

The reauthorization of mass surveillance authority under Section 702 of FISA is stalled as lawmakers debate a mandatory warrant requirement for FBI queries of Americans' communications.

Comments load interactively on the live page.