Massive Leak Size Discrepancy Highlights Scope The breach disclosed on Dec 1 affected 33.7 million customers, far exceeding the earlier estimate of roughly 10 million cited by officials [2][1]. Exposed data included names, phone numbers, email addresses, delivery details, and in many cases credit‑card information [2]. The divergent figures underscore challenges in accurately assessing the incident’s full magnitude [1][2].

Justice Minister Announces Legislative Review Justice Minister Lee Jae‑yeong pledged to tighten penalties for data breaches and to examine gaps in the Personal Information Protection Act [1]. He emphasized that amendments will involve stakeholder consultations and parliamentary scrutiny, though no deadline was set [1]. The move reflects mounting pressure from consumer‑rights groups demanding harsher accountability [1].

Potential Fines Reach Billions Under Existing Law South Korean privacy law allows fines up to 3 % of a company’s revenue, a benchmark illustrated by SK Telecom’s 134.8 billion‑won penalty after a prior breach [2]. Analysts warn that Coupang could face a comparable sanction given its 2025 revenue, intensifying calls for swift regulatory action [2]. The prospect of such a fine adds urgency to the minister’s proposed legal reforms [1].

E‑Commerce Sector Ramps Up Security Measures Coupang’s CIO reported the deployment of new security protocols after the leak, while the firm invested 1.9 trillion won in IT this year, including 89 billion won earmarked for information protection [2]. Competitors Gmarket and SSG.com launched emergency security audits and tightened inspections in response [2]. Industry analysts argue that systemic safeguards across the sector remain insufficient despite these investments [1].

Consumer Groups Demand Transparency and Compensation coalition of twelve consumer organizations called for a detailed disclosure of the breach’s cause, a clear compensation plan, and measures to prevent phishing and identity theft [2][1]. Civil society groups have also urged the government to impose stricter penalties on firms that fail to protect user data [1]. Their advocacy is shaping the public discourse around data‑privacy reform in South Korea [1][2].