South Korean authorities have slapped e-commerce giant Coupang with a record $408 million fine for a data leak that allegedly exposed the personal information of more than 30 million customers, drawing criticism from US lawmakers.

The Personal Information Protection Commission (PIPC) announced Thursday that the New York-listed company leaked personal data of over 33 million customers and failed to report the breach within the legally required 72 hours.

“This accident occurred due to Coupang’s lack of safety measures and systems, not sophisticated hacking,” PIPC Chairperson Song Kyung-hee told a briefing. She added that Coupang “delayed breach notifications,” leaving individuals “unaware of the breach and deprived of the opportunity to take steps to prevent secondary harm.”

After the fine was announced, Coupang apologized for causing concern but expressed regret that its “proactive measures to prevent secondary harm” and “explanations based on clear facts were not sufficiently reflected” in the regulator’s decision.

The Seattle-based company, which generates most of its revenue in South Korea, signaled it would challenge the fine in court. The penalty is by far the largest ever for a data leak in South Korea, far exceeding the previous record of $88 million imposed on SK Telecom last year.

The fine follows a government-led investigation that blamed the breach on management failure. South Korea’s Ministry of Science and ICT earlier said a former employee, a Chinese national, stole a security key and gained unauthorized access to customer accounts.

The probe has added to trade friction with Washington, with concerns that South Korean authorities overstepped in their treatment of the US-listed company. In April, nearly 100 South Korean lawmakers sent a joint letter raising concerns over “undue pressure” from US politicians, following accusations by US Republicans of “discriminatory regulatory actions” against US businesses.

Coupang controls an estimated 40% of South Korea’s logistics services. “Coupang has grown its e-commerce service significantly based on vast customer data, but the company did not have a system to protect and manage customer information despite its business scale,” Song said.

Source: www.aljazeera.com