Bloomberg via Getty ImagesCoupang is the dominant e-commerce company in South KoreaSouth Korea has hit online retail giant Coupang with a record fine of more than $400m (£299m) over a massive data breach that exposed the data of more than 30 million customers last year.
The fine is the largest ever issued by Seoul's Personal Information Protection Commission (PIPC) for a data breach.
The leak exposed the names, contact and delivery details and order histories of some customers of Coupang, South Korea's largest e-commerce platform often described as its equivalent of Amazon.
Coupang told the BBC it "deeply regrets the concern caused" and that it will strengthen its security measures, but added that it planned to challenge the PIPC decision.
The number of accounts affected by the incident represents more than half of South Korea's population of around 50 million people.
The PIPC on Wednesday announced the fine of 624.68bn won on Coupang "for violating safety obligations and collecting personal data without legal grounds."
The commission found that a lack of safeguards, including poor management of authentication signing keys and access controls, had resulted in the personal data of around 37.5 million users being exposed.
Coupang said that its explanations and measures to prevent further harm from the data breach "were not sufficiently reflected" in the commission's decision.
"Upon receiving the official resolution from the PIPC, we expect that the facts will be clearly established through legal procedures," said Coupang.
The decision follows a months-long probe into Coupang after allegations of the data leak surfaced in November.
The company is based in the US, but the majority of its revenue comes from South Korea.
Coupang told the BBC at the time that it was alerted to a breach involving 4,500 customer accounts in November and immediately reported it to the authorities.
But the company said that later checks found that nearly 34 million customer accounts - all in South Korea - were likely exposed. It added that the breach is believed to have begun as early as June through a server based abroad.
Following the breach, Coupang's boss Park Dae-jun resigned from his role, apologising for the incident. The platform's chief administrative officer Harold Rogers was appointed interim CEO.
South Korean firms faced a series of high-profile cyber-security incidents last year despite the country's reputation for tight data privacy standards.
Its largest mobile operator SK Telecom was fined nearly $100m over a data breach involving more than 20 million subscribers.
International BusinessSouth KoreaCyber-securityData breaches
