my timesThe Korea Times
  1. Business
  2. Companies

Online commerce platforms on alert as Coupang set to face fine over data leak

Listen
By Yonhap
  • Published KST
  • Updated KST
A Coupang track is parked near a Coupang distribution center in downtown Seoul, Monday. Yonhap

A Coupang track is parked near a Coupang distribution center in downtown Seoul, Monday. Yonhap

Korean online platforms were seen carrying out emergency reviews of their data protection status, with Coupang widely expected to face major fines following a data breach, sources said Monday.

On Saturday, the U.S.-listed e-commerce giant said personal information of 33.7 million customers has been compromised, far higher than the 4,500 cases it initially believed to have been affected.

The figure indicates that nearly all Coupang users may have had their personal information, including names, phone numbers, email addresses and delivery details, leaked.

Coupang, which provides overnight delivery of fresh food and daily necessities, is one of the most widely used shopping platforms in Korea with 34 million monthly active users in November, up 0.68 percent from a month earlier.

Under Korea's privacy law, companies with a data breach can face fines of up to 3 percent of their revenue. SK Telecom, the country's top mobile carrier, received a fine of 134.8 billion won ($91.7 million) after a breach in April.

"We carried out an emergency internal security check over the weekend," said an official from Gmarket, another local shopping platform, adding the company is also considering additional steps.

An official from SSG.com told Yonhap News Agency the company has strengthened routine and on-the-spot inspections amid a series of breaches in the telecommunications and financial sectors.

"Currently, it is not known exactly how the data was leaked (at Coupang), and we are conducting an overall inspection, including internal data controls," another e-commerce industry official said. "We plan to take corresponding measures once the investigation reveals more details."

Experts said the latest leak indicates that Coupang had a fundamental loophole in its operating system and internal controls rather than a shortage of relevant spending.

According to the Korea Internet & Security Agency, Coupang invested 1.9 trillion won in information technology this year, including 89 billion won in information protection.

The figure was the third highest among Korean companies, following Samsung Electronics and KT.

Local civic groups issued a joint statement demanding that Coupang promptly present measures to protect consumers following the data breach.

"We demand that Coupang disclose the cause and scope of the leak in a transparent manner and provide an effective and detailed plan for compensation," a coalition of 12 consumer organizations, including the National Council of Consumer Education, said in a statement.

The groups said Coupang needs to take actions to prevent voice phishing, personal information theft and other potential damage stemming from the incident.

"(The government) needs to carry out a thorough investigation with strong administrative actions and establish measures to prevent a recurrence of such cases," they added.