Research Team (Tsaaro)

South Korea’s major e-commerce company, Coupang, faces a record $409 Million fine over a massive data breach

Mar 3, 2026

South Korea’s e-commerce giant Coupang, a New York-listed company, was hit with a fine of $409 million, the country’s largest data breach penalty to date. The penalty was imposed as a consequence of a leak last year of the data of over 33 million users. The Personal Information Protection Commission also found that the company had illegally collected its users' personal information relating to their online activity without any agreement.

Additionally, the company failed to comply with the law by failing to detect this massive data breach within 72 hours. Taking all these factors together, the fine was imposed; it amounts to 1.4% of Coupang’s revenue of 45 trillion won as estimated in 2025. One of the main factors behind such a large fine was the company's lack of diligence in putting standard safety measures and systems in place. It was reported that the breach was not the result of sophisticated hacking but of the company's failure to take proper safety measures: a former employee simply stole the security key and gained access to a lot of customer accounts.

Although this breach attracted the highest fine for a data privacy matter in South Korea, a lot of other firms have also been facing such cybersecurity issues of late. For instance, in one case the country’s largest mobile operator was fined $100 million for a data breach that involved around 20 million users. Multinationals across the world should take these incidents seriously and put essential security measures in place.

It was reported that Coupang failed to properly handle authentication of signing keys. It is therefore important for every firm that handles sensitive personal data to ensure that centralized, encrypted key vaults are used and that Multi-Factor Authentication (MFA) is in place for all systems. Additionally, to ensure that breaches are detected early, regular drills of incident response plans should be conducted, in line with the legal requirements in place. The US-based company issued an apology; however, several reports indicate that it plans to pursue other legal routes, signalling an intent to challenge the penalty at a higher forum.

Source: https://brandequity.economictimes.indiatimes.com/news/business-of-brands/south-korea-fines-coupang-409-million-in-countrys-largest-data-breach-penalty/131697155.

News of the week:  

1. Balancing Privacy and Truth: Supreme Court on DNA Testing 

The Indian Supreme Court, in a recent judgment, ruled that a DNA test could be ordered for determining paternity and lineage, thereby addressing a long-standing legal question in the realm of privacy: whether an individual’s right to privacy can be compromised in cases where biological parentage has to be determined. The trend to date shows that the Court has always been cautious in ordering DNA tests, especially after the landmark K.S. Puttaswamy judgment on the Right to Privacy. DNA tests require the collection of biological samples and therefore raise concerns related to privacy and bodily autonomy. However, in this recent case, the Court went ahead and ordered the DNA tests despite challenges being raised on the grounds of privacy. It stipulated that DNA tests may be ordered where the determination of paternity forms the main issue in a litigation matter and there is no means of collecting alternative evidence to establish the truth. While maintaining its previous stance that DNA tests cannot be ordered routinely and as a matter of right, the Court tried to clarify what sort of exceptional circumstances would require a DNA test, thereby trying to balance the Right to Privacy with justice and truth-finding.

Source: https://www.livelaw.in/articles/dna-tests-privacy-paternity-supreme-court-clarifies-law-537783.

2. New privacy bill gives Massachusetts residents more control over their data 

Massachusetts lawmakers unanimously passed the state’s Consumer Privacy Act, which seeks to protect the privacy of the state’s residents by granting them new rights to access and delete their user data held by big tech companies. The bill also bans these tech giants from selling residents’ exact location data. Statistics show that around 92% of the voters vehemently supported the passing of this law. It is anticipated that the bill will be signed into law by September this year. Once it becomes law, it will apply to companies that process the data of more than 100,000 consumers. The bill is meant to prevent big companies from collecting users' information, such as their biometrics, health data, and information regarding their sexual orientation or immigration status, without their explicit consent. Companies will be completely banned from sharing users’ exact location details and from selling such data across the State. The bill is the result of years of discussion and debate about how users’ privacy is violated when data brokers purchase data from app developers, then repackage it and sell it to anyone, including stalkers, employers and the military. This bill, if passed, would come as a significant relief to multiple users in Massachusetts, and it was praised by many groups advocating for privacy.

Source: https://www.aclum.org/ban-sale-location-data/.  

3. Amazon’s Ring Doorbell Faces New Privacy Lawsuit 

Recently, a Virginia resident filed a suit in Seattle against Amazon over its Ring Video Doorbell. The lawsuit claimed that Ring’s Familiar Faces feature also stores images of passersby without their consent, thereby violating their privacy. When Ring was announced by Amazon last year, it faced a lot of pushback from many privacy advocates. However, Amazon moved past these concerns and launched it anyway. Amazon claims that the Ring Video Doorbell enhances security by allowing the homeowner to see live video of what is happening in front of their door. Additionally, its AI feature can recognize familiar faces, which in turn gives familiarized notifications to the owners. While this may be beneficial for the house owner’s security, it conflicts with the privacy of people who have not consented to be recorded. The lawsuit stipulated that a lot of people pass by the Ring’s video camera, and their facial information is collected and stored by the device. This is not the first time Amazon’s Ring has faced issues over privacy violations. In 2023, Amazon had to pay $5.8 million as a fine to the Federal Trade Commission because it was alleged that, using Ring, its customers accessed improper private videos of women. Additionally, it was claimed that the employees had full access to every video of the customer. Amazon maintained that the data is encrypted and that unknown faces are automatically deleted after thirty days. With all these allegations and concerns regarding Amazon’s Ring, what comes out of this suit is yet to be seen.

Source: https://www.reuters.com/legal/government/amazons-ring-sued-over-facial-recognition-feature-latest-privacy-concern-2026-06-02/.

Want to stay ahead?  

Secure your communications today with a tailored privacy and compliance strategy from Tsaaro.com.  


 

We Help You to Grow Your Business Faster & Easier

Our Mission is to assist businesses in achieving compliance with data privacy, cybersecurity regulations & Responsible AI. We have worked with over 150+ Clients. Some of our key clients are Adani, Booking.com, NPCI, Godrej, DS Group, CRED, BharatPe, Aster DM, Vistara Airlines, Kotak Mahindra, Vodafone, Flipkart & more.


  • Comprehensive Compliance Support – From data privacy to Responsible AI, we cover it all.

  • Cybersecurity Expertise – Protect your business from evolving digital threats.

  • Proven Results – Trusted by top brands including Adani, CRED, and Flipkart.

  • Customized Solutions – Compliance strategies tailored to your business needs.

  • Global Standards – Align with GDPR, DPDP, and ISO frameworks seamlessly.

  • Efficient Implementation – Achieve compliance faster with expert guidance.

  • Trusted Advisory – Led by certified privacy and security professionals.
