[Alpha Biz= Reporter Kim Jisun] Coupang has been fined a total of 1.6 billion won by the Personal Information Protection Commission (PIPC) following the leakage of personal data from 150,000 individuals, including delivery workers and customers. The commission announced on November 28 that it had decided to impose a total fine of 1.58 billion won for violations of the Personal Information Protection Act during its 20th plenary session on November 27.

The breach involved the personal data of approximately 135,000 delivery workers from Coupang Eats in 2021, as well as the data of around 22,000 customers' order information in 2023. Investigations revealed that Coupang had provided the real names and contact information of delivery workers to restaurants until November 2021.

Coupang had been sending personal data, including real names and contact details of delivery workers, through an application programming interface (API) from Coupang Eats' server to restaurants, along with an anonymized phone number. This allowed restaurants to access sensitive personal information, such as real names and contact numbers, via the order management system "Oter Korea."

Despite a 2019 policy change to send only anonymized phone numbers to restaurants to protect delivery workers' personal data, Coupang continued to share their details until November 2021. Furthermore, when the company became aware of the data breach in November 2021, it failed to notify affected individuals within the mandated 24-hour period.

As a result, the PIPC imposed a fine of 278.65 million won for violating safety measures and failing to promptly notify affected individuals, along with an administrative fine of 10.8 million won. Additionally, the PIPC issued a corrective order to Oter Korea to comply with the obligation to dispose of the personal data it held.

 

 

[ⓒ 알파경제. 무단전재-재배포 금지]