South Korea's Data Protection Authority Orders Coupang to Stop Publishing Unverified Data Breach Claims

On January 14, 2026, South Korea's Personal Information Protection Commission (PIPC), the country's data protection authority, ordered e-commerce giant Coupang to cease publishing its own conclusions regarding a data breach that exposed the personal information of millions of users. The PIPC determined that these unverified statements risked misleading users and undermining an ongoing official investigation. No technical details about the nature of the breach or the affected data were provided in the article. The reported impact is limited to the risk of user misinformation.