Emerging risks | Growth Opportunities | APAC Insurance

Tuesday, July 7, 2026

Insight by…

Insight by type

Coupang data breach exposes Korea’s mandatory cyber insurance gap with Meritz policy capped at US$682k

The breach exposed personal data from 33.7 million accounts, leaving Coupang facing potential compensation claims of trillions of KRW, far exceeding the insurance policy’s limit.
Coupang data breach exposes koreas mandatory cyber insurance gap with meritz policy capped at us2k  rein asia
December 9, 2025

 • 

3 min read
The Inaugural Recognising excellence in Asia's insurance industry Find out more Entries close
28 August

(Re)in Summary

• Coupang’s data breach exposed information of 33.7 million users, with insurance cover capped at KRW 1bn (US$682k) from Meritz Fire & Marine Insurance, according to local media reports.
• Korea’s law mandates a KRW 1bn minimum cover for large firms, leaving most of Coupang’s potential liability — estimated at up to KRW 3.37 trillion — uninsured.
• Users are also suing for 200,000 won per person, which could raise compensation costs beyond historical precedent.
• Case highlights a protection gap in Korea’s mandatory cyber insurance limits, particularly for large platforms.

Coupang’s recent data breach has cast a light on the limits of Korea’s mandatory personal information leakage cover, with the e-commerce group’s policy with Meritz Fire & Marine Insurance capped at just KRW 1bn (approx. US$682k), according to local media reports.

Upon first detecting unusual activity, Coupang notified the Personal Information Protection Commission on 20 November that 4,500 accounts had been exposed. The company expanded this figure to 33.7 million on 29 November following a more thorough internal investigation.

Customer account data that had been leaked includes names, contact details, email addresses, shipping addresses, and partial order histories. The breach began on 24 June, but remained undetected for nearly five months.

Korea’s Personal Information Protection Act requires firms above a certain size and data thresholds to buy personal information leakage compensation insurance or set aside reserves. Companies with annual revenue above about KRW 80bn and more than 1m data subjects fall into the top tier, but are still only required to purchase a KRW 1bn policy.

With annual revenue of more than KRW 40 trillion, Coupang easily fits into the highest tier. The low limit of its cyber insurance protection, however, means it will now bear the vast majority of any compensation costs to users.

Over 3,370 times the policy limit

In past privacy cases in Korea, courts have awarded about KRW 100k per claimant for breaches. If courts award damages at historical precedent levels, Coupang’s compensation liability could reach at least 3.37 trillion won — more than 3,370 times the policy limit.

A further complication that could put upward pressure on compensation amounts is that users of the platform are currently suing Coupang for KRW 200k per person.

The protection gap between plausible loss scenarios and statutory minimum limits has fuelled concern in the non-life sector that Korea’s mandatory product falls far below the risk profile of large platforms with dense data concentrations.

SK Telecom, which suffered a breach affecting 23 million users in April, also carried the statutory 1bn won minimum with Hyundai Marine & Fire Insurance at the time of the incident. In October, SK Telecom purchased a separate cyber insurance policy with a KRW 100bn limit.

The case exposes a potential contradiction: minimum-limit placements are meant to ensure that all firms have protection from cyber losses, but if limits are too low, they leave the bulk of cyber risk uninsured when incidents affect scores of users, particularly if they trigger court actions across multiple jurisdictions.

For Meritz and its insurance peers, the outcome of the Coupang loss and any related litigation is likely to shape future pricing, capacity, and limit structures for personal information leakage and broader cyber covers in Korea.

The Inaugural Recognising excellence in Asia's insurance industry Find out more Entries close
28 August

Read next

Facade of a building with the Monetary Authority of Singapore sign (MAS logo on blue square) and gold letters reading Monetary Authority of Singapore, with palm trees reflected in the polished wall.
Sunset view of Sydney Harbour: the Opera House with the Harbour Bridge in the background over calm water, framed by green foliage on the sides.
City street at dusk with light trails from moving cars and a lit Tokyo Tower in the distance.