Enforcement action · Personal Information Protection Commission (PIPC)
The PIPC Sanctions Coupang and CFS for Data Breaches and Infringements on Privacy
The PIPC Sanctions Coupang and CFS for Data Breaches and Infringements on Privacy is an AI-related enforcement action involving Personal Information Protection Commission (PIPC). Penalty: monetary_fine of $KRW 624,681,000,000. South Korea's PIPC sanctioned Coupang and CFS with significant penalties for multiple violations of the Personal Information Protection Act, including a major data breach affecting 33 million users, insufficient security, delayed notifications, and undermining CPO independence.
Action details
- Agency
- Personal Information Protection Commission (PIPC)
- Jurisdiction
- KR
- Enforcement type
- fine
- Document type
- enforcement action
- Penalty
- $KRW 624,681,000,000 monetary_fine
- Effective
- 2026-06-10
- Topic
- data privacy
Summary
The South Korean Personal Information Protection Commission (PIPC) issued substantial administrative sanctions against Coupang and Coupang Fulfillment Services (CFS) for severe breaches of the Personal Information Protection Act (PIPA). This action, including a penalty of KRW 624.681 billion for Coupang, resulted from a data breach affecting over 33 million users and 4.33 million third parties, caused by inadequate security management, delayed notifications, and undermining the Chief Privacy Officer's role. The PIPC also found failures in data destruction and evidence preservation. This indicates an active enforcement posture by the PIPC.
Primary source
https://www.pipc.go.kr/eng/user/ltn/new/noticeDetail.do?bbsId=null&nttId=3071 →Related Personal Information Protection Commission (PIPC) actions
- The PIPC Finalizes Prior Adequacy Review Results of Naver’s Agentic AI Search Service press release 6/4/2026
Frequently asked questions
- What is The PIPC Sanctions Coupang and CFS for Data Breaches and Infringements on Privacy?
- The South Korean Personal Information Protection Commission (PIPC) issued substantial administrative sanctions against Coupang and Coupang Fulfillment Services (CFS) for severe breaches of the Personal Information Protection Act (PIPA). This action, including a penalty of KRW 624.681 billion for Coupang, resulted from a data breach affecting over 33 million users and 4.33 million third parties, caused by inadequate security management, delayed notifications, and undermining the Chief Privacy Officer's role. The PIPC also found failures in data destruction and evidence preservation. This indicates an active enforcement posture by the PIPC. Primary source →
- Which agency brought the action?
- Personal Information Protection Commission (PIPC) brought this enforcement action in KR. Primary source →
- What was the penalty?
- The disclosed penalty is a monetary_fine amount of $KRW 624,681,000,000. Primary source →
- When did the action take effect?
- The action was effective 2026-06-10. Primary source →
- Where can I find the primary source?
- The primary source for The PIPC Sanctions Coupang and CFS for Data Breaches and Infringements on Privacy is at https://www.pipc.go.kr/eng/user/ltn/new/noticeDetail.do?bbsId=null&nttId=3071. AIGI does not paraphrase secondary commentary — every claim on this page links back to that primary source. Primary source →
Related
Stay informed