Despite Coupang's Second Notice Denying 'Payment Information' Theft... Reports of Unauthorized Transactions Continue

[The Financial News] South Korea’s largest e-commerce company, Coupang, issued a revised notice on the 7th in accordance with government directives following a massive data breach affecting 33.7 million customer records. The company also announced measures to prevent secondary damages, including phishing. While Coupang maintains in both its initial and second notices that no payment information was compromised, reports of unauthorized transactions continue to surface.

The notification Coupang sent on this day showed slight changes compared to the messages sent to affected customers on November 29 and 30 regarding the data leak.
The text message stated, "There was an incident where your personal information was leaked. No new leaks have occurred, and this notice is to provide precautions to prevent further damages such as impersonation and phishing, regarding the data breach announced since November 29." The controversial term 'exposure' was replaced with 'leak.'
Coupang also explained, "We promptly reported the breach to the relevant authorities as soon as we became aware of it," adding, "We are cooperating with the Ministry of Science and ICT (MSIT), Korean National Police Agency (KNPA), Personal Information Protection Commission (PIPC), Korea Internet & Security Agency (KISA), and the Financial Supervisory Service (FSS) in the ongoing investigation."
Aside from these changes, there was little else that differed.
Coupang emphasized, "We have repeatedly confirmed that, to date, there has been no leak of your card or account numbers, payment information, passwords, login credentials, or personal customs clearance codes." The company added, "The Korean National Police Agency (KNPA) announced that, based on a comprehensive investigation, there have been no suspected cases of secondary damage using information leaked from Coupang."

Other than changing the terminology and adding 'Fraud Prevention Guidelines,' the content remained largely similar to the previous notice, with no detailed explanation of the leaked items.

Contrary to Coupang’s expectations, cases of unauthorized payments from unknown sources continue to be reported.
Recently, on a Naver Café for victims of the Coupang data breach, users shared experiences such as, "I received a notification that a 140,000 KRW card payment failed," and "About a month ago, I received a mysterious overseas payment approval message."
Munhwa Broadcasting Corporation (MBC) also reported the case of Mr. Noh, who received a data breach notification from Coupang. Mr. Noh discovered through his credit card app that on the 28th of last month, more than $600 (about 900,000 KRW) had been charged: $405 at an American online fishing store, $10 at a U.S. ride-hailing service, and $194 at another U.S. shopping site.
There was a reason Mr. Noh suspected Coupang was responsible for these charges.
In an interview with MBC, Mr. Noh said, "This card is only used for Costco Wholesale Corporation and Coupang. Other than those, I never use it, and even if I did, I would never make such large transactions with this card," expressing his frustration.
y27k@fnnews.com Seo Yoon-kyung Reporter