The Presidential Workplace has introduced a powerful response to the Coupang incident involving the leak of private data of 33.7 million prospects, mentioning the necessity to impose punitive fines on the e-commerce firm. The Private Info Safety Fee (PIPC) has additionally emphasised that it’s going to “strongly punish firms the place critical private data breach incidents happen repeatedly,” resulting in projections that Coupang, going through its fourth data breach incident, might be topic to punitive fines of as much as 1 trillion received.
Analysts say the PIPC can impose fines of as much as 1 trillion received on Coupang. The fee has been implementing the revised Private Info Safety Act since 2023. Beforehand, solely income associated to violations of the Private Info Safety Act by firms was used as the idea for calculating fines, however since two years in the past, fines of as much as 3% of complete income might be imposed. Nevertheless, fines are calculated excluding income circumstances indirectly associated to data breach incidents.
Coupang’s income via the third quarter of this yr was 36.31 trillion received. This already approaches final yr’s complete income (38.299 trillion received). Amongst this, Coupang’s income excluding Taiwan, Coupang Play, and Coupang Eats, that are unrelated to this breach incident, is estimated at roughly 31.226 trillion received. A easy calculation of three% of this quantity may end in a most wonderful nicely exceeding 1 trillion received.
The PIPC units completely different wonderful imposition requirements in response to the severity of violations. For “minor violations,” the wonderful charge is about between 0.03% and fewer than 0.9%, whereas for “very critical violations,” it ranges from 2.1% or extra to 2.7% or much less. Amongst these, the fee judged SK Telecom, which had private data of roughly 23 million individuals leaked this yr, as a really critical violation. This was as a result of delicate private data akin to USIM authentication keys mandatory for subscriber authentication was included, and SK Telecom had not correctly noticed security measure obligations. Coupang can also be prone to be seen by the PIPC as a really critical violation, as Chinese language nationwide A, who has already left the corporate, has been recognized as a key determine on this data breach incident, and it has been revealed that Coupang left signature keys and different components in a legitimate state for an prolonged interval even after A’s departure.
This marks Coupang’s fourth private data breach incident. In October 2021, attributable to an error that occurred throughout software (app) updates, the names and supply addresses of 14 prospects had been uncovered below the product search window. From August 2020 to November 2021, the names and telephone numbers of roughly 135,000 Coupang Eats supply drivers had been transmitted to eating places. Subsequently, in December 2023, private data of twenty-two,440 orderers and recipients was uncovered in Coupang’s seller-only system.
Music Kyung-hee, who took workplace as PIPC chairperson in October, has additionally proven robust willingness to impose extreme punishment for repeated large-scale breach incidents, main the trade to count on substantial wonderful quantities. At her first press briefing after taking workplace final month, Music emphasised, “When repeated and critical private data breach incidents happen, we’ll guarantee correspondingly punitive fines are imposed.”
