The government unveiled plans Saturday to toughen the management and screening process for the state-certified information security system amid growing personal data breaches at authorized companies, such as Coupang.
The Personal Information Protection Commission and the Ministry of Science and ICT discussed the measures during an interagency meeting earlier in the day, as public distrust has grown over data security protection following the massive personal data breach at e-commerce giant Coupang.
Coupang recently disclosed that personal information belonging to over 33 million customers had been leaked and remained undetected for months, heightening privacy concerns in one of the world's most advanced information technology nations.
Coupang's massive data breach is the latest in a series of similar incidents at South Korean companies, including top mobile carrier SK Telecom.
Saturday's meeting concluded that the government will push to make the Information Security Management System (ISMS) a requirement for all companies engaged in relevant businesses, such as telecommunication and platform, officials said.
Currently, the ISMS and the ISMS-P — the security system for personal information — are certified by the government upon an operator's voluntary application.
The government will also conduct thorough post-screening of the responsible company in the event of a data breach and cancel the ISMS certification if the case is deemed severe.
The government will push to re
TPRM report: https://www.rankiteo.com/company/personal-information-protection-commission-pipc-republic-of-korea
"id": "per1765058117",
"linkid": "personal-information-protection-commission-pipc-republic-of-korea",
"type": "Breach",
"date": "2025-12-06T00:00:00.000Z",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'incident': {'affected_entities': [{'customers_affected': 'Over 33 million',
'industry': 'Retail',
'location': 'South Korea',
'name': 'Coupang',
'size': None,
'type': 'E-commerce'}],
'data_breach': {'data_encryption': None,
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': 'Over 33 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal '
'information'},
'description': 'Coupang recently disclosed that personal '
'information belonging to over 33 million '
'customers had been leaked and remained '
'undetected for months, heightening privacy '
'concerns in South Korea.',
'impact': {'brand_reputation_impact': 'Heightened privacy '
'concerns and public '
'distrust',
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Personal information of over 33 '
'million customers',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'Government announcement',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': None,
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'title': 'Coupang Massive Data Breach',
'type': 'Data Breach'}}