Coupang user says $2,000 in unauthorized charges made on connected credit card a day before data breach alert

A Coupang user said someone ran up 3 million won ($2,040) in unauthorized charges on his credit card registered on Coupang a day before the e-commerce giant sent him a data breach alert.

The Coupang logo is seen at the company's office in Songpa District, southern Seoul, on Dec. 1. [NEWS1]

A Coupang user said someone ran up 3 million won ($2,040) in unauthorized charges on his credit card registered on Coupang a day before the e-commerce giant sent him a data breach alert.

The man residing in Pohang, North Gyeongang, told broadcaster YTN he received a text on Sunday alerting him to a 3 million won charge he did not make. He said the notice arrived one day before Coupang informed him that his personal data had been exposed.

He said the payment record listed only the name of a payment gateway, leaving him unable to see what the purchase was for.

A later review, he said, showed someone first tried to charge 4.99 million won to his card but failed due to the limit, then lowered the amount to 3 million won and succeeded. Another attempt for 1.5 million won followed.

The man said similar attempts were made on his other cards. When those failed, someone tried to change his card PIN.

He told YTN that only the cards he had stored in his Coupang account were targeted and said the timing made him suspect a link to Coupang’s data leak, which Coupang says started in June.

“I have used Coupang for years, and nothing like this happened. The timing lines up too neatly,” he said. “I can’t help but be suspicious.”

Coupang’s customer service team told him his payment information had not leaked, but did not provide documentation to support that claim, YTN reported.

The man filed a police report after discovering the charges. He said he also contacted the payment gateway, which confirmed the transactions were unauthorized and said other cardholders had reported similar cases.

Cybersecurity experts say the data leaked from Coupang could have been combined with personal information exposed in other breaches, enabling the fraud.

This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom. BY SHIN HYE-YEON [kim.juyeon2@joongang.co.kr]