"Concerns Over Secondary Damages From Phishing... Financial Sector on Alert After Coupang Data Breach"

Concerns are mounting that the recent Coupang personal information leak could lead to a surge in financial fraud, such as voice phishing and smishing, prompting both the government and the financial sector to take action and heightening overall vigilance. Actual cases of customer damage, including abnormal login attempts and an increase in phishing calls, have already begun to surface, and financial institutions are making every effort to prevent secondary damage.

According to industry sources on December 4, the Financial Services Commission and the Financial Supervisory Service have issued a consumer alert and are working with financial institutions to develop countermeasures, warning that suspicious text messages using fake delivery notifications may spread in the wake of the Coupang data breach.

Financial authorities believe that scammers could use leaked Coupang data, such as names and addresses, to impersonate government agencies or financial institutions and approach victims. They have cautioned that scammers may send smishing messages, tricking victims into installing remote applications under the pretense of checking leaked information or damages, or luring them to enter financial information under the guise of compensation procedures.

In fact, there have been numerous reports online of abnormal login attempts and notifications of overseas payment approvals. Many users have shared experiences of repeated unauthorized logins to their Coupang accounts. A woman in her 30s living in Mapo-gu, Seoul, said, "After hearing about the data leak, I checked my Coupang login history and found access from a device I have never used, so I immediately changed my password. I'm now worried about whether I should continue using Coupang." There have also been claims that Coupang accounts are being sold on Chinese e-commerce platforms, as well as reports of credit cards being used overseas without the account owner's knowledge.

There is also a growing movement toward class action lawsuits. On December 1, fourteen Coupang users filed a complaint with the Seoul Central District Court, seeking 200,000 won in damages per person. In addition, more than 30 Naver online communities are reportedly preparing further class action lawsuits against Coupang, suggesting that the number of lawsuits could rise.

The Broadcasting and Media Communications Committee has also warned users to be cautious of malicious apps and phishing messages that exploit the Coupang data breach or the distribution of consumer coupons for economic recovery. The committee emphasized that if users receive suspicious messages such as "Your order has been shipped" or "Notification of excess consumer coupon payment recovery and penalty imposition," they should not click on any included internet links or answer related phone calls.

Daejun Park, CEO of Coupang, is attending the current issues inquiry held at the National Assembly Science, Technology, Information and Broadcasting and Communications Committee plenary session on the 2nd and answering questions. On the right is Brett Mattis, Coupang CISO. 2025.12.2 Photo by Hyunmin Kim

Financial institutions are warning customers about voice phishing schemes that exploit the Coupang customer data breach. KB Kookmin Bank, for example, has posted a notice on its website cautioning users against clicking links or installing malicious apps in messages that impersonate delivery drivers, government agencies, or banks, and claim to need to correct delivery addresses or cancel payments. Other banks are also continuously alerting customers to the risks of voice phishing and smishing through public announcements.

The Financial Supervisory Service has launched an on-site investigation of Coupang Pay to check for data leaks, and has also begun an emergency inspection of Gmarket after an unauthorized mobile gift card purchase incident. Financial authorities have stressed that they will work closely with financial companies to prevent secondary damage resulting from personal information leaks. A financial authority official stated, "We have instructed financial companies to review their rapid response systems for voice phishing and to strengthen monitoring of suspicious financial transactions. We will also closely monitor trends in damage reports and respond swiftly if any incidents occur."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.