SEOUL: South Korea hit e-commerce giant Coupang with a record US$408 million fine on Thursday (Jun 11) over a leak that allegedly exposed more than 30 million customers' data and has provoked the ire of US lawmakers.
Coupang, the country's largest online retail platform, signalled in a statement that it would challenge the fine in court.
The government's move caps a months-long probe into Coupang, which is incorporated in the United States.
Allegations of a massive data leak first surfaced in November and have become an unexpected source of friction between Seoul and Washington.
Seoul's Personal Information Protection Commission said it would "impose a total of 624.68 billion won in fines ... on Coupang for violating safety obligations and collecting personal data without legal grounds".
It is by far the largest ever penalty for a data leak in South Korea - far exceeding the previous record of a US$88 million fine imposed last year on mobile carrier SK Telecom.
"Inadequate basic safeguards, including poor management of authentication signing keys and lax access controls" caused the personal data of around 37.5 million users to be exposed, the commission said in a statement.
Coupang has maintained that only 3,000 customer records were involved.
Commission chair Song Kyung-hee told a press briefing Thursday that the retail giant should have notified affected individuals within 72 hours.
But Coupang "delayed breach notifications", she said. "As a result, those individuals were unaware of the breach and deprived of the opportunity to take steps to prevent secondary harm."
Coupang on Thursday apologised for causing concern to customers and the public, vowing to strengthen its data protection framework.
"However, we regret that proactive measures taken to prevent secondary damage and explanations based on clear facts regarding last year's data breach were not sufficiently reflected" in the commission's decision, it said.
"After receiving the commission's official ruling, we expect the facts to be clearly established through legal procedures," Coupang added.
US DISPUTE
The commission also said Coupang had "unlawfully collected the online activity records of about 11.17 million users on third-party websites and apps, and stored them in a database in a state that allowed individual identification".
In April, South Korean lawmakers sent a joint letter raising concerns over "undue pressure" from US politicians regarding Seoul's investigation into the e-commerce giant.
The letter, co-signed by nearly 100 MPs, followed accusations by US Republicans that the probe into the US-listed company constituted "discriminatory regulatory actions" against American businesses.
The dispute has also reportedly affected high-level security talks between the two allies, according to local media.
Washington is said to have warned it would halt such talks unless the legal protections of Coupang chairman Kim Bom - an American citizen also known as Kim Bom-suk - were guaranteed.
The Coupang fine will "again draw backlash from the US" for its size, said Kim Dae-jong, professor of business at Sejong University in Seoul.
"Given it's far more than the previous high imposed on SK Telecom, Washington is expected to protest the move, with the view that it is an over-the-top measure," he said.
"Coupang is certain to challenge the move by taking it to court," Kim added.
Read the full article at Channel NewsAsia (CNA) →
SG