South Korean Shopper Reports $2,200 in Unauthorized Charges After Coupang Data Breach
A South Korean consumer says credit cards stored on his Coupang account were used to make unauthorized purchases totaling about $2,200, adding to mounting concerns after the e-commerce giant confirmed a major data breach affecting customer information.
Coupang has said login credentials and payment details — including card numbers — were not among the compromised data. Still, consumer alarm is escalating as reports of suspicious activity emerge. According to local media, a man in his 40s living in the southeastern city of Pohang — identified only as Mr. A — received a notification from Coupang on Nov. 30 that some of his personal details had been leaked.
A day earlier, he had been alerted by his card company to a single ₩3 million (roughly $2,200) charge he says he never authorized. The transaction referenced only a payment processor, providing no indication of what was purchased.
Mr. A later learned that the perpetrator had first attempted a ₩4.99 million charge, which was declined due to his credit limit, before lowering the amount to ₩3 million. A separate ₩1.5 million attempt followed soon after.
Attempts were also made on another credit card saved to Mr. A’s Coupang account. When those purchases were blocked, the attacker allegedly tried to change the card’s PIN. He believes the timing strongly suggests a connection to the data breach. “I’ve used Coupang for years without a single issue.
Then this happens immediately after the leak notice. It’s hard to believe that’s a coincidence,” he told local reporters. Coupang’s call-center operators reportedly told him his payment information had not been leaked, but did not provide documentation to support the claim.
After filing a complaint with police, Mr. A contacted the payment processor and confirmed the charge was fraudulent.
The processor also acknowledged receiving other recent reports of unauthorized transactions. Cybersecurity analysts say criminals may be combining data exposed in the Coupang breach with information from earlier hacks targeting unrelated companies, enabling more sophisticated financial fraud.
Coupang says it is cooperating with law-enforcement authorities. The company has not disclosed how many users were affected or how the breach occurred.
