A Year's Operating Profit Lost to Fines... Coupang Faces a 620 Billion Won Blow, Rocket Investment at Risk

The Personal Information Protection Commission has decided to impose a record-breaking fine and penalty of over 620 billion won on Coupang, following a massive personal data breach last year that affected more than 37 million cases. This decision has raised red flags for Coupang, which had been expanding its business with Rocket Delivery at the forefront. As the fine is equivalent to the annual operating profit that Coupang Inc., Coupang's parent company, earned last year, the company is expected to face significant burdens in terms of future investments and employment.

On the 10th, the Personal Information Protection Commission held a plenary session at the Seoul Government Complex and announced on the 11th that it had decided to impose a total fine of 624.6 billion won on Coupang for leaking the personal data of 37.5 million people and for illegally collecting members' online activity records without a legal basis. Of this, approximately 423.6 billion won was imposed for the large-scale personal data breach, while 201.1 billion won was levied for illegally collecting the online activity records of more than 10 million members. In addition, Coupang's logistics subsidiary, Coupang Fulfillment Services (CFS), was fined 220 million won for collecting the personal data of journalists who accessed the National Police Agency without legal grounds and registering them on an employment restriction list. The total amount imposed on Coupang by the Commission, including both fines and penalties, reaches approximately 624.9 billion won, the largest ever.

A Coupang logistics center in Seoul. Photo by Yonhap News Agency

View original image

Coupang plans to reflect this fine in its second-quarter results and clarify the facts through administrative litigation. During the plenary session, Coupang actively explained that there were no secondary damages from the data breach, that the company made every effort to recover the data, and that it had received the Personal Information & Information Security Management System (ISMS-P) certification for its security system excellence from the Commission. However, Coupang believes these points were not sufficiently taken into account.

According to the industry, once the government imposes a fine, the company is legally obliged to pay, and must reflect it as a loss in its quarterly results. An investment industry insider stated, "It is a basic accounting principle and a mandatory disclosure obligation to immediately reflect the government-announced fine in the relevant quarter's results to prevent misleading investors."

As a result, Coupang is expected to inevitably post a significant deficit in its second-quarter results this year. The 624.6 billion won fine is equivalent to Coupang Inc.'s consolidated operating profit of 679 billion won last year, meaning the company will bear the entire amount as a loss in a single quarter. Previously, in August 2024, Coupang was penalized by the Fair Trade Commission with a fine of 162.8 billion won for manipulating algorithms to favor its own private brand (PB) products and mobilizing employees to write product reviews. This was reflected as a loss in the second quarter of that year, resulting in an operating loss of 34.2 billion won and a return to deficit after eight quarters. Considering that Coupang's typical quarterly operating profit ranges from 100 to 200 billion won, the deficit is expected to be much larger. In the first quarter of this year, Coupang already recorded an operating loss of 354.5 billion won, largely due to member compensation payouts (1.6 trillion won) related to the data breach. This was the largest loss since the fourth quarter of 2021, when the company posted an operating loss of 480 billion won—marking a four-year and three-month high.

Delivery bags are stacked at the Coupang logistics center in Seocho District, Seoul. Photo by Yonhap News Agency

View original image

It is also expected that investments in Coupang's logistics infrastructure, considered a key growth driver, will inevitably be affected. Coupang had focused on investing in Rocket Delivery since 2014, pouring 6 trillion won into the business by 2023. From 2024, the company began investing an additional 3 trillion won over three years to achieve nationwide coverage for "Kusegwon" (areas eligible for Rocket Delivery). After posting its first operating profit in the third quarter of 2022 and maintaining profitability, the company eliminated its accumulated deficit (3.465 trillion won) in 2024 with share premium (capital raised in excess of par value) of 6.2159 trillion won. However, with successive fines from the Fair Trade Commission and the Personal Information Protection Commission totaling nearly 800 billion won, Coupang’s capacity for investment has diminished.

Large-scale direct employment is also expected to be affected. Coupang previously made headlines as Korea's second-largest employer after Samsung Electronics, directly employing 87,135 people across logistics and delivery at 100 logistics centers in 30 regions. An industry official pointed out, "With over 90% of unsold industrial complexes located in provincial areas, Coupang has maintained large-scale employment by building logistics centers within one to three years. If Coupang’s business contracts, not only could there be disruptions in the Rocket Delivery logistics network, but it could also become more difficult for regions with declining populations to secure jobs and for small and medium-sized businesses to find new sales channels."

View original image

The fine of approximately 423.6 billion won imposed on Coupang for the personal data breach is not only the highest in Korea but also significantly exceeds those imposed for similar cases overseas, raising concerns about fairness. Globally, the company that received the highest government fine for a hacking-related data breach was Meta, which had 533 million users’ data hacked and was fined 265 million euros (about 380 billion won) by the Irish Data Protection Commission in 2021. Equifax (about 118 billion won), which lost the information of 147 million Americans (roughly half the U.S. adult population), and hotel chain Marriott International (327 million people; a fine of 97 billion won), also experienced larger data breaches but were fined less than Coupang. Domestically, SK Telecom was fined 134.8 billion won by the Commission last year for a data breach affecting 23.24 million people.

Industry experts point to the current Personal Information Protection Act, which allows fines of up to 3% of the average revenue over the previous three years, as the cause of such imbalances. Because the calculation is based on company revenue rather than the seriousness of the incident or subsequent response measures, small and medium-sized companies are fined less despite the severity of their cases, while larger corporations are subject to astronomical fines. From September, a revised enforcement ordinance will take effect, raising the fine cap to as much as 10% of revenue, which could widen the gap even further.

Hot Picks Today

"If This Continues, Air Conditioners May Stop in July" Alarming Outlook and Solutions Discussed at Future Forum

• Trump: "Ending the Iran War"... US-Iran Peace MOU Imminent (Comprehensive)
• "Vests Become a 'Symbol of Success' in Korea, Drawing Attention from Foreign Media"
• "Foot Size 210-220mm"... Object Believed to Be Human Leg Found at Living Resource Center
• [Exclusive] Both SK hynix and Samsung Halted... Crisis Hits Semiconductor Factories

View original image

An IT industry insider commented, "In a situation where companies are continuously targeted by hackers, imposing punitive fines by mechanically multiplying the scale of the leak and company revenue can dampen the industry’s incentive to invest in security and cause serious disruption. The level of sanctions should be set by comprehensively considering the sensitivity of the information, the existence of actual secondary damages, and the company’s recovery and defense efforts."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.