Coupang Data Breach: Why 34 Million Users Must Be Re-Notified

South Korea's data watchdog has called out Coupang for not being straight with its customers about a huge data breach. The company told users their info was just "exposed," but the regulator says it was actually "leaked," and they have to send out corrected notices. On top of that, Coupang is getting hit with a wave of lawsuits from angry customers. The whole mess shows how serious regulators are getting about holding companies accountable when they lose our data.

Key Points: PIPC Orders Coupang to Re-Notify Users of 34M Data Leak

  • Regulator says Coupang downplayed the incident by calling it an "exposure," not a "leak"
  • The breach compromised data of 33.7 million customers, including names and addresses
  • PIPC orders new notifications and data protection advice within one week
  • Coupang faces class-action lawsuits seeking compensation for affected users

Privacy regulator demands Coupang re-notify users of data breach

South Korea's privacy regulator demands Coupang correct its data breach notification to 33.7 million users, calling it a "leak," not just an "exposure."

"(We) will swiftly and thoroughly investigate... and will make strict punishment if violations are found." - Personal Information Protection Commission (PIPC)

Seoul, Dec 3

The data protection regulator here said on Wednesday that e-commerce giant Coupang Inc. did not properly notify its customers of its recent major data breach, demanding a corrected notification that describes the incident as a personal information "leak" rather than an "exposure" of such data.

The Personal Information Protection Commission (PIPC) made the decision in an emergency meeting after the company said last week personal information of 33.7 million customers had been compromised, including names, addresses and phone numbers, reports Yonhap news agency.

While Coupang notified affected users of the breach, the PIPC said the company merely described it as personal information being exposed when it was aware that such data had been leaked.

The regulator said Coupang also partially omitted types of data affected while announcing the breach on its website for just one to two days.

It ordered the company to notify affected customers again of the leak, advise them of data protection measures, such as changing passwords, and reinspect steps to prevent harm to customers, among other measures.

It demanded Coupang submit the results of its measures within one week.

"(We) will swiftly and thoroughly investigate the circumstances, scope and items of Coupang's personal information leak, as well as violations of safety duties, and will make strict punishment if violations are found," it said in a release.

Meanwhile, the regulator said that on Sunday it strengthened its monitoring of illegal distribution of personal information on the internet and the dark web, and that the strengthened monitoring will last for three months.

Coupang is facing a wave of class-action lawsuits over its massive data breach that affected nearly 34 million customers. A law firm named Chung filed the first complaint against Coupang on Monday on behalf of 14 clients, seeking 200,000 won (about US$140) per person in damages. Many other law firms have also expressed their intention to participate in the class-action lawsuits and are now recruiting participants.

Considering past judicial precedents, however, the compensation awarded to users whose personal information was leaked was around 100,000 won per person, legal experts said on Wednesday.

- IANS


Reader Comments

Rohit P
33.7 million customers! That's a massive breach. The fact they only announced it on their website for 1-2 days is shocking. They were clearly hoping people wouldn't notice. Good on the regulator for stepping in. 🇮🇳
Aman W
The class-action lawsuit is the right move, but $140 per person seems very low for having your address and phone number leaked. In India, we'd be facing endless spam calls and phishing attempts. The compensation should reflect the real-world harm.
Sarah B
While the regulator's action is commendable, I respectfully think the 3-month monitoring period is too short. Once data is on the dark web, it's there forever. They need permanent, proactive surveillance, not just a temporary fix.
Vikram M
This hits close to home. We've seen similar issues with some Indian apps. Companies collect so much data but invest so little in securing it. Jai ho to the Korean regulator for holding them accountable! Hope our authorities are watching and learning.
Kavya N
Changing passwords is basic advice. What about monitoring for identity theft? For 34 million people, this isn't just a data point, it's their safety at risk. The company should be forced to provide free credit monitoring for years, not just a weak notification.
