South Korean President Lee calls for harsher penalties after Coupang data breach
The company’s CEO endures hours-long grilling for shocking data loss
[SEOUL] Coupang’s top executives were grilled for hours by South Korean lawmakers about their failure to prevent the country’s largest ever data breach, an incident that has sparked public outcry over the widespread theft of sensitive personal information.
Park Dae-jun, the online retailer’s chief executive officer, appeared before parliament on Tuesday (Dec 2) to discuss the breach, which compromised the data of more than 30 million customers. Alongside the company’s chief security information officer, he fielded hours of questions about the perpetrator of the attack and the company’s slow response to the incident, which began in June.
Lawmakers are responding to mounting public anger over the breach that has affected nearly two-thirds of Koreans, granting unauthorised access to their shipping addresses and phone numbers.
With nearly 25 million active users, many Korean families rely on the Amazon-like retailer for the bulk of their shopping, typically handing over sensitive information like apartment door codes to facilitate deliveries.
In response to questions about who was behind the attack, Park told parliament that the company received an email last month from someone who claimed they had obtained a large amount of data from Coupang.
The email outlined how the data had been obtained and threatened to expose the information if the company did not improve their cybersecurity, he said.
Following local media reports that the attack was carried out by a former employee who had since returned to China, Park said the incident involved a Chinese national who left the company and had been a “developer working on the authentication system.” Shin Sung-beom of the opposition People Power Party said there was evidence that a “Chinese national is involved,” adding that “the incident could include an element of national security risk.”
South Korean President Lee Jae-myung said it was “truly astonishing” that Coupang had failed to detect unauthorised access of its systems for five months. Speaking at the beginning of a Cabinet meeting on Tuesday, he called for harsher penalties on companies that fail to protect their customers’ sensitive information.
Coupang’s shares closed down 5.4 per cent on Monday in New York. The company faces a potential fine of up to one trillion won (S$800 million) over the incident, lawmakers said.
SEE ALSO
The incident has contributed to a sense of urgency in bolstering the country’s online defences, as researchers say this year is on track to be the country’s worst on record with the highest number of cyberattacks to date.
SK Telecom, the country’s largest mobile carrier, was fined US$97 million this year for failing to safeguard customer data and for delayed reporting of breaches. KT Corp and Lotte Card also disclosed breaches in recent months.
Last week, the country’s largest crypto exchange Upbit was hacked in a suspected North Korean attack – the same day its parent company announced it had been bought by South Korean Internet giant Naver. BLOOMBERG
Decoding Asia newsletter: your guide to navigating Asia in a new global order. Sign up here to get Decoding Asia newsletter. Delivered to your inbox. Free.
Share with us your feedback on BT's products and services
