South Korea Imposes Record $409 Million Fine on Coolpad for Massive Data Breach On June 11, 2026, South Korea’s Personal Information Protection Commission (PIPC) levied a historic fine of 624.68 billion KRW (approximately $409 million) against U.S.-based e-commerce giant Coolpad CP for a severe data breach and unlawful collection of personal information. This marks the largest penalty ever issued for a data breach in South Korea. The breach, stemming from poor security practices, exposed the personal data of 37.5 million users, including names, phone numbers, and building access codes. Investigators found that a former Chinese software engineer exploited retained authentication keys to access the data over a one-year period, highlighting critical failures in Coolpad’s key management and access controls. Compounding the issue, the company failed to notify affected users within the legally required 72-hour window, delaying protective measures. Coolpad, which operates in the e-commerce and transportation sectors following its merger with Kansas City Southern, has faced public backlash and diplomatic tensions between South Korea and the U.S. In response, the company expressed regret and pledged to strengthen its data protection framework, though it plans to challenge the commission’s findings in court. The incident has also raised concerns about Coolpad’s financial stability. While the company maintains a market cap of roughly $80 billion, its stock is currently trading at a 3.9% premium to its GuruFocus-estimated fair value of $86.75, with a P/E ratio (27.68x) above its five-year median (25.13x). Despite strong profitability and momentum scores, its weak financial strength rating (3/10) suggests potential vulnerabilities amid ongoing regulatory and legal pressures. No insider trading activity has been reported in the past three months.