New York, June 11, 2026, 10:03 EDT
- Coupang shares traded higher in early New York hours, despite South Korea hitting the company with its biggest privacy fine yet.
- The company said it expects the estimated $410 million in fines to impact its second-quarter operating expenses. It plans to seek judicial relief.
- The next question is if the ruling will keep cutting into customer trust and margins, not only if Coupang can challenge the fine.
Coupang, Inc. shares climbed Thursday after South Korea’s privacy regulator set a record fine for last year’s big data breach and another data-collection issue. Investors now have a firm number for the regulatory question that’s been dogging the New York-listed e-commerce company. Shares were recently up $0.84, or 5.6%, at $15.96. The stock earlier hit $16.89.
No one saw it as a full vote of confidence. Relief is closer, but plenty of strings attached. South Korea’s Personal Information Protection Commission on Thursday approved 624.681 billion won in penalties and 16.8 million won in administrative fines for Coupang, along with orders for corrective action, public notices and other steps. According to the regulator, the case affects 37.55 million people whose data was leaked and another 11.17 million who had their online activity tracked illegally.
Coupang’s 8-K Thursday gave Wall Street a number to use. The company said PIPC set an administrative fine at about $278 million for the previously disclosed November 2025 data incident, plus another $132 million fine for a third-party ad program. Coupang’s total is roughly $410 million. It will show up in Q2 operating, general and administrative expenses, so the charge will hit the business cost line, not as a financing item.
The way Coupang records the charge is key for the stock. With margins already under pressure since the breach, investors want to know if the fine is a one-off or if payouts, remediation, lawsuits and weaker sales will drag out the pain. In its first quarter, Coupang booked net revenue of $8.5 billion, rising 8% from last year, but reported a net loss of $266 million. Adjusted EBITDA came in at $29 million. Adjusted EBITDA removes interest, taxes, D&A and some other costs.
The regulator called the incident a basic lapse in controls, not an advanced cyberattack. “This accident occurred due to Coupang’s lack of safety measures and systems, not sophisticated hacking,” Song Kyung-hee, the head of the privacy regulator, told reporters Thursday, per Reuters. Reuters said the fine works out to about 1.4% of Coupang’s 2025 revenue of 45 trillion won. Reuters
Coupang failed to properly manage its authentication-signing-key and access controls, the Korean regulator said, resulting in a leak that hit about 37.55 million people’s personal data. Regulators also ordered the company to put better safeguards in place, notify non-members affected by the breach, expand the chief privacy officer’s duties, and report back within three months.
Coupang isn’t treating the decision as final. The company said in its 8-K it hasn’t received the PIPC’s written decisions yet, so the final numbers, findings and corrective steps could change from what was announced. Coupang Corp. plans to “vigorously pursue judicial relief” at Seoul Administrative Court. The company also warned payments aren’t paused during appeal, and the fines can’t be deducted from income taxes. SEC
That’s part of the reason shares sometimes climb after negative headlines. The fine is hefty, but it swaps out uncertain regulatory risk for a defined cost, and there’s now a clear route for an appeal. When a stock has already taken hits over the same problem, investors can see clarity like this as useful.
Coupang says the hit to its business is still clear. In its 2025 annual report, the company said its Korean unit had announced roughly $1.2 billion in customer vouchers tied to the data incident, with redemptions set to start in January 2026. Coupang said the vouchers will cut revenue as they’re used. The company also flagged possible extra costs from clean-up, legal actions, and regulatory steps.
The first quarter was tough. Product Commerce active customers edged up 2% on the year to 23.9 million. Product Commerce adjusted EBITDA dropped $192 million to $358 million. Developing Offerings, which covers newer lines like Farfetch and other ventures, saw revenue climb 28%, but the adjusted EBITDA loss deepened to $329 million.
Competition is getting tougher. Reuters said earlier this year that fallout from the breach let rivals try to pull shoppers from Coupang. A proposed regulatory shift could also push more competition into ultra-fast overnight delivery, which is key to Coupang’s South Korea hold.
Risks are clear here. The appeal process could drag out, so the fine might still need to be paid and more paperwork could increase compliance demands. Management expects customer trust to come back, but that could take longer. Voucher redemptions could keep pulling down revenue. Ongoing class-action or regulatory costs might extend the impact into later quarters. Shares that bounced after markets priced in the bad news could fall back fast if there’s any sign that customers, regulators or courts are sticking with the issue.
The market is acting like Thursday’s decision is a shock it can price in, not an existential threat. Eyes are now on the three-month compliance check ordered by the privacy regulator and on Coupang’s judicial challenge in Seoul. The company is aiming to cut or wipe out a penalty that’s due to hit second-quarter numbers.
