Beyond fines: How Korea should respond to Coupang’s data breach, accountability gap

The recent personal information leak at Coupang should not be dismissed as an isolated cybersecurity incident. It reflects a deeper failure by a company that presents itself as an e-commerce leader, yet appears to have neglected even the most basic of responsibilities that come with collecting and monetizing vast amounts of customer data. When breaches occur at this scale, they are rarely the result of a single technical flaw; they are symptoms of questionable corporate priorities. The pattern points to a company that has underinvested in critical digital infrastructure while devoting significant resources to lobbying activities, choosing to manage regulatory and political risk rather than prioritize customer safety and security. This imbalance may be rational from a cost perspective, but it is deeply troubling from the standpoint of consumer trust and public accountability. Korea’s regulatory response to data breaches has relied mainly on administrative fines and corrective orders. While necessary, these measures fall short against dominant digital platforms. For a company of Coupa