RiskEvents
MonitoringMedium impactAI Refreshed

South Korea fines Coupang $409M over major data breach

Occurred 11 Jun 2026·Detected 17 Jun 2026·
🇰🇷 Seoul, South Korea (Coupang headquarters and regulatory jurisdiction)8 reports
CyberCyberCasualty & Liability

South Korea's privacy regulator has fined e-commerce operator Coupang approximately $409 million over a major customer data breach, described as the largest data breach penalty in the country's history. The action by the Personal Information Protection Commission highlights escalating data-protection enforcement in South Korea and raises the prospect of follow-on class action exposure for Coupang and other large e-commerce and technology platforms operating in the jurisdiction.

AI-generated from linked source reports. See our correction policy.

Impact verdict

Medium impact. MEDIUM: A confirmed $409M regulatory penalty against a named major e-commerce platform is a material cyber liability and D&O exposure event for underwriters covering Korean e-commerce/tech accounts. Severity is bounded medium because (a) the action is a regulatory fine on a single named insured, not a systemic market loss, (b) the number of affected individuals, insurance recovery position, and any class action quantum are unconfirmed in the source, and (c) the article does not disclose coverage triggers or whether the fine is insurable under Korean cyber/D&O wordings. The fine establishes a significant precedent for Korean privacy enforcement that may flow through to rate, attachment, and coverage dialogue for large platforms.

View assessment methodology

How we grade what we know -- Known · Reported · Uncertain. Methodology →

Intelligence ledger

Each line expands in place to its underlying sourced claim.

AI refreshed 17 Jun 2026, 01:58

Known4 lines

South Korea fined Coupang $409 million for a data breach
structured lineknown
No separate sourced-claim record is available for this line yet.
This is described as the country's largest data breach penalty
structured lineknown
No separate sourced-claim record is available for this line yet.
The fine was issued in South Korea, with the regulator and Coupang's operational presence anchored in Seoul.
coupang_breach_geo_kr_seoulgeographic anchorCyber
Market relevance: Geography anchors the loss in the Korean regulatory and insurance market, relevant for local policy wordings and APAC cyber aggregations.
Seoul, South Korea (Coupang headquarters and regulatory jurisdiction)” — yahoo.com · 11 Jun 2026, 04:00 · mainstream media
South Korea's privacy regulator has imposed a fine of approximately $409 million on Coupang in connection with a major customer data breach.
coupang_kr_privacy_fine_amountregulatory enforcement precedentCyber
Market relevance: Regulatory penalty on a named major e-commerce platform is relevant to cyber and D&O underwriters covering large Korean digital platforms.
South Korea fines Coupang $409 million in country's largest data breach penalty” — yahoo.com · 11 Jun 2026, 04:00 · mainstream media

Reported7 lines

The fine stems from a major data breach involving customer data
structured linereported
No separate sourced-claim record is available for this line yet.
Regulatory action taken by South Korean privacy authorities
structured linereported
No separate sourced-claim record is available for this line yet.
The $409 million fine is described as the largest data breach penalty ever imposed in South Korea.
kr_fine_largest_data_breach_penaltyregulatory enforcement precedentCyber
Market relevance: Establishes an enforcement benchmark that underwriters can reference when sizing cyber and D&O towers for Korean digital platforms.
South Korea fines Coupang $409 million in country's largest data breach penalty” — yahoo.com · 11 Jun 2026, 04:00 · mainstream media
The fine relates to a major data breach involving Coupang customer information.
coupang_breach_customer_data_involvedloss pathway identificationCyber
Market relevance: Confirms a customer PII data breach, the type of loss typically covered under cyber and D&O policies.
The fine relates to a significant data breach affecting customer information” — yahoo.com · 11 Jun 2026, 04:00 · mainstream media
The penalty was issued by South Korea's Personal Information Protection Commission (PIPC).
kr_regulator_personal_information_protection_commissionregulatory enforcement precedentCyber
Market relevance: Identifies the Korean data protection authority as the enforcer, useful for regulatory mapping and policy trigger analysis.
South Korea's privacy regulator has imposed a $409 million fine on e-commerce company Coupang” — yahoo.com · 11 Jun 2026, 04:00 · mainstream media
The Coupang penalty is presented in coverage as a marker of escalating data protection enforcement in South Korea, with potential read-across to other large technology and e-commerce platforms operating in the country.
kr_cyber_enforcement_escalation_signalregulatory enforcement precedentCyber
Market relevance: Supports a view of tightening Korean privacy enforcement, relevant to cyber and D&O rate and coverage dialogue for Korean and APAC-exposed accounts.
The event highlights escalating data protection enforcement and cyber liability risk for major technology and e-commerce platforms operating in South Korea” — yahoo.com · 11 Jun 2026, 04:00 · mainstream media
The event remains at signal lifecycle status, with the regulatory fine announced and follow-on litigation, appeal, or insurance recovery still uncertain.
coupang_breach_lifecycle_signallifecycle signalCyber
Market relevance: Lifecycle status frames expected follow-on intel priorities for cyber and D&O underwriters.
lifecycle_status: signal” — yahoo.com · 11 Jun 2026, 04:00 · mainstream media

Uncertain9 lines

Number of individuals affected by the breach
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Whether Coupang will appeal the fine
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Total cost including potential class action lawsuits and remediation
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Timeline of the original breach incident
structured lineuncertain
No separate sourced-claim record is available for this line yet.
The number of individuals affected by the Coupang data breach is not specified in the source.
coupang_breach_individuals_affected_countloss pathway identificationCyber
Market relevance: Affected individual count drives notification cost, regulatory severity, and potential class size.
Number of individuals affected by the breach” — yahoo.com · 11 Jun 2026, 04:00 · mainstream media
The source does not specify the date or duration of the underlying data breach incident.
coupang_breach_timeline_uncertainloss pathway identificationCyber
Market relevance: Incident date drives which policy period responds and whether prior-knowledge exclusions apply.
Timeline of the original breach incident” — yahoo.com · 11 Jun 2026, 04:00 · mainstream media
Potential follow-on class action exposure from affected Coupang customers is referenced but unconfirmed in the source.
coupang_class_action_exposure_follow_onloss pathway identificationCyber
Market relevance: Class action exposure is a key driver of cyber loss severity; the article flags but does not confirm litigation.
with potential regulatory liability and follow-on class action exposure” — yahoo.com · 11 Jun 2026, 04:00 · mainstream media
Total cost of the incident, including remediation, regulatory fine, and potential class action exposure, is not disclosed in the source.
coupang_breach_remediation_costsloss pathway identificationCyber
Market relevance: Total loss quantum including remediation and litigation drives cyber tower sizing and D&O exposure.
Total cost including potential class action lawsuits and remediation” — yahoo.com · 11 Jun 2026, 04:00 · mainstream media
Whether Coupang will appeal the $409 million fine is not stated in the source.
coupang_appeal_statusloss pathway identificationCyber
Market relevance: An appeal can delay or reduce the loss crystallisation date, affecting loss reserving.
Whether Coupang will appeal the fine” — yahoo.com · 11 Jun 2026, 04:00 · mainstream media

Loss estimates

Figures are shown side by side by basis and source. RiskEvents does not blend or average estimates.

Official Damage

USD 409,000,000Personal Information Protection Commissionas of 2026-06-11

Regulatory fine imposed on Coupang by South Korea's Personal Information Protection Commission for a data breach; described as the country's largest data breach penalty.

South Korea fines Coupang $409 million in country's largest data breach penalty
View source

Affected countries

🇰🇷 South Korea

Latest developments

  • South Korea has fined Coupang about $409 million over a major data breach, the country's largest data breach penalty on record. yahoo.com
  • The penalty is reported as the largest data breach fine in South Korea's history, setting a new enforcement benchmark. yahoo.com
  • The penalty stems from a major data breach involving Coupang customer information. yahoo.com
  • The action was taken by South Korea's Personal Information Protection Commission. yahoo.com
  • The article flags potential follow-on class action exposure, but no class action filing is confirmed in the source. yahoo.com
  • The number of customers affected by the breach is not stated in the source coverage. yahoo.com
  • It is not known from the source whether Coupang will appeal the fine. yahoo.com
  • The timing of the underlying breach incident is not specified in the source. yahoo.com

Timeline

Status Change17 Jun 2026, 11:30

Status changed to monitoring

Auto-transitioned: no updates for 6 hours

active -> monitoring

Status Change17 Jun 2026, 04:50

Status changed to active

evidence_trigger: developing_promotion

developing -> active

Corroboration17 Jun 2026, 04:50

South Korea's privacy regulator has imposed a record $409 million fine on e-commerce giant Coupang following a massive data breach. The penalty signals heightened regulatory enforcement in South Korea and may trigger D&O and cyber liability claims, as well as reinsurance pricing pressure for large-scale data breach exposures in the Korean market.

Source: koreatimes.co.kr (Mainstream Media) · View source

Status Change17 Jun 2026, 04:34

Status changed to developing

evidence_trigger: corroboration >= 2

signal -> developing

Corroboration17 Jun 2026, 04:34

South Korean e-commerce giant Coupang has been hit with a record $410 million fine by regulators over a significant data breach and unauthorised personal data collection. The penalty highlights escalating regulatory enforcement against data protection failures at major tech platforms. For the London market, this event may trigger cyber liability claims and signals tightening regulatory risk for large-scale data handlers operating in Korea.

Source: prokerala.com (Mainstream Media) · View source

Intelligence Refresh17 Jun 2026, 01:58
Initial Detection17 Jun 2026, 01:54

Initial Detection

South Korea's privacy regulator has imposed a $409 million fine on e-commerce company Coupang, the largest data breach penalty in the country's history. The fine relates to a significant data breach affecting customer information, with potential regulatory liability and follow-on class action exposure. The event highlights escalating data protection enforcement and cyber liability risk for major technology and e-commerce platforms operating in South Korea.

South Korea fines Coupang $409 million in country's largest data breach penalty

Source: yahoo.com (Mainstream Media) · View source

Lloyd's classifications

Tracking this kind of risk? Get an email when Cyber events escalate.

Get alerts
← Back to live events