Seoul: South Korea’s data protection watchdog on Wednesday, January 14, urged online retailer Coupang to take down its independent probe results into a massive data leak from its mobile application and website, describing them as unverified information.
The Personal Information Protection Commission took issue with the company’s notice that claims a former employee breached the personal information of 33 million users but saved data from only about 3,000 accounts, which Coupang claimed was later deleted. Coupang is currently under investigation by authorities over the data breach, which the company earlier reported in November as having impacted the personal data of 33.7 million customers, such as their names, phone numbers and delivery addresses.
The regulator said the company’s internal probe results could lead to confusion among the public as it has yet to be verified by an official investigation, noting the notice could be considered as interfering in its investigation into the company.
It noted Coupang has been uncooperative with its investigation by delaying or failing to submit requested documents, warning such acts could be seen as acts of obstruction that could be considered in possible future penalties.
It also called on the company to make improvements to its response measures to the leak, such as adding a function within its mobile app and website for users to look up whether their data has been breached.
Meanwhile, ordering a temporary suspension of business operations at e-commerce giant Coupang may be possible, the head of South Korea’s antitrust watchdog said, amid an ongoing investigation over a recent large-scale data breach at the US-listed company.
“If an order is not implemented or if it is deemed insufficient to provide relief to affected consumers, a business suspension is also possible,” Ju Byung-gi, chairman of the Fair Trade Commission (FTC), said in a radio interview.
Coupang announced the results of its internal probe on December 25, saying a former employee had stolen personal information from 33.7 million user accounts but saved data from only about 3,000 accounts, which, it claimed, was later deleted.
