South Korea’s data protection watchdog has advised Coupang to remove its independent investigation findings regarding a significant data breach from its platform. The Personal Information Protection Commission raised concerns over Coupang’s assertion that a former employee accessed the personal data of 33 million users but retained information from only around 3,000 accounts, which the company stated was subsequently deleted. Authorities are currently probing Coupang over the breach that compromised the personal details of 33.7 million customers, including names, phone numbers, and delivery addresses.
The regulator emphasized that Coupang’s internal investigation outcomes could cause confusion as they have not been officially verified. It cautioned that the notice issued by Coupang might be viewed as interference in the ongoing investigation. The watchdog also criticized Coupang for being uncooperative by delaying or failing to provide requested documents, warning that such behavior could be seen as obstruction and impact potential penalties in the future.
Additionally, the watchdog called on Coupang to enhance its response mechanisms to such breaches, suggesting the inclusion of a feature on its platform for users to check if their data has been compromised. Meanwhile, the head of South Korea’s antitrust watchdog mentioned the possibility of temporarily suspending Coupang’s operations amid the investigation into the recent data breach. Ju Byung-gi, chairman of the Fair Trade Commission, stated that if the current measures are deemed insufficient to assist affected consumers, a business suspension could be considered.
