Coupang Offers Minimal Compensation After Major Data Breach in South Korea
South Korea’s e-commerce leader, Coupang, has offered just 50,000 KRW (approx. $35) in compensation to customers affected by a late-2023 data breach that exposed sensitive personal information, including home addresses and phone numbers. The payout has drawn criticism for its inadequacy, particularly as the platform is widely used for daily purchases, heightening concerns over repeated data theft.
The breach follows a string of high-profile incidents in South Korea’s financial and tech sectors. Shinhan Card recently disclosed a three-year-undetected breach affecting 190,000 users, where an employee was involved—only notifying victims 20 days after discovery. Earlier, Lotte Card suffered a major hack last summer, further eroding public trust. Meanwhile, Upbit, the country’s largest cryptocurrency exchange, faced a multi-billion-won hack but avoided penalties due to regulatory gaps in virtual asset oversight.
Experts point to weak internal security and lax regulatory enforcement as key factors, with critics arguing that agencies like the Financial Services Commission and Financial Supervisory Service share responsibility. While authorities claim preemptive detection of individual misconduct is difficult, industry observers note that hacking techniques have grown more sophisticated, sometimes taking up to five years to trace.
The pattern of delayed disclosures and minimal accountability has raised concerns about corporate prioritization of short-term profits over security. Analysts emphasize that stricter financial penalties may be necessary to compel firms to treat data protection as a priority amid increasingly complex financial services.
Source: https://www.ajupress.com/view/20260106100311427
Coupang cybersecurity rating report: https://www.rankiteo.com/company/coupang
신한카드 Shinhan Card cybersecurity rating report: https://www.rankiteo.com/company/shinhan-card
Lotte cybersecurity rating report: https://www.rankiteo.com/company/lotte
"id": "COUSHILOT1767675837",
"linkid": "coupang, shinhan-card, lotte",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Retail',
'location': 'South Korea',
'name': 'Coupang',
'type': 'E-commerce'},
{'customers_affected': '190,000',
'industry': 'Banking',
'location': 'South Korea',
'name': 'Shinhan Card',
'type': 'Financial Services'},
{'industry': 'Banking',
'location': 'South Korea',
'name': 'Lotte Card',
'type': 'Financial Services'},
{'industry': 'FinTech',
'location': 'South Korea',
'name': 'Upbit',
'type': 'Cryptocurrency Exchange'}],
'customer_advisories': 'Compensation offer of 50,000 KRW to affected '
'customers (Coupang); delayed notification (Shinhan '
'Card)',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal information (home '
'addresses, phone numbers)'},
'date_publicly_disclosed': '2024-01-06',
'description': "Coupang, South Korea's leading e-commerce giant, offered "
'50,000 Korean won (about US$35) in compensation to customers '
'affected by a massive data breach detected in late last year. '
'Sensitive personal information, including home addresses and '
'phone numbers, was exposed. The breach has raised concerns '
"about recurring data leaks in South Korea's e-commerce and "
'financial sectors.',
'impact': {'brand_reputation_impact': 'Eroded public trust',
'data_compromised': 'Sensitive personal information including home '
'addresses and phone numbers',
'identity_theft_risk': 'High'},
'lessons_learned': 'Hacking methods have become more sophisticated, and '
'internal security measures remain inadequate. Regulatory '
'oversight needs strengthening, and financial penalties '
'should be imposed to hold companies accountable.',
'post_incident_analysis': {'root_causes': 'Failed internal security, lax '
'supervision by financial '
'authorities, delayed detection, '
'and lack of regulatory penalties'},
'recommendations': 'Companies should prioritize security over short-term '
'profits. Regulators should enforce stricter penalties and '
'oversight. Preventive measures, including enhanced '
'monitoring and employee training, are critical to '
'mitigating future breaches.',
'references': [{'date_accessed': '2024-01-06',
'source': 'Aju Business Daily'}],
'regulatory_compliance': {'fines_imposed': 'None (Upbit case due to lack of '
'regulation)'},
'response': {'communication_strategy': 'Compensation offer of 50,000 KRW to '
'affected customers; delayed '
'notification in Shinhan Card case'},
'title': 'Coupang Data Breach Compensation Offer',
'type': 'Data Breach'}