Dear Support Team,
I am writing to request an urgent remediation and compensation plan regarding USD 1,900 in unauthorized charges related to my suspended Google Cloud project:
Project name: Gemini API
Project ID: gen-lang-client-0821344862
I received a notification from Google stating that this project was suspended because it was associated with abusive activity consistent with hijacking. The notice also stated that my organization may have inadvertently published affected service account credentials or API keys on public sources or websites, where a third party harvested them and initiated resources in my project.
Based on this notice, I believe the charges were caused by unauthorized third-party activity after my Gemini API credentials or API keys were compromised. I did not authorize this usage, and I did not intentionally create, operate, or benefit from the resources that generated these charges.
Because of this incident, I have already reported my credit card as lost/compromised and had it cancelled by my card issuer to prevent further unauthorized transactions.
I respectfully request that Google provide a remediation and compensation plan covering the following items:
Full reversal, refund, waiver, or billing credit for the approximately USD 1,900 in unauthorized charges caused by the hijacking activity.
As supporting evidence, please see the attached screenshot, which is the original Chinese SMS transaction alert from my bank, Shanghai Pudong Development Bank. It shows the charges that have already been incurred on my credit card: USD 100, USD 100, USD 200, USD 500, and USD 1,000, totaling USD 1,900.
Confirmation that no additional charges will be generated from this compromised project or related suspended resources.
Please also note that the credit card ending in 6403 has already been reported as lost/compromised and cancelled with my card issuer.
Because this card has been cancelled, please clarify how Google will process any refund, reversal, waiver, or billing credit for the disputed USD 1,900 charges. If Google must refund to the original payment method, please proceed with the refund or reversal and provide the refund transaction ID, ARN, or any other trace/reference number so that my card issuer can locate the refund and credit it back to my account or replacement card.
If the refund to the original card is rejected due to the card cancellation, please arrange an alternative refund method or billing credit and confirm the process in writing.
Written confirmation that these disputed charges will not be sent to collections, will not result in account penalties, and will not negatively affect my Google Cloud account standing while the investigation is ongoing.
Reimbursement or compensation for any reasonable incidental costs caused by this incident, including card cancellation or replacement fees, foreign transaction fees, exchange-rate losses, bank dispute fees, and any interest or late-payment charges if applicable.
A detailed billing and security review showing:
the exact time period when the unauthorized activity occurred;
the Google Cloud resources or APIs that generated the charges;
the regions, services, or usage patterns involved;
whether any service account keys, API keys, IAM permissions, or OAuth credentials were abused;
what steps are required from my side to prevent recurrence.
Escalation of this matter to the appropriate billing dispute, fraud, and security review teams.
For reference, the suspension notice I received states:
“We are notifying you that your project Gemini API (id: gen-lang-client-0821344…) has been suspended because it is associated with abusive activity consistent with hijacking.
Details
Project impacted: Gemini API (id: gen-lang-client-0821344…)
Description: We believe that your organisation may have inadvertently published the affected service account credentials or API keys on public sources or websites, where a third party harvested them to initiate resources in your project. This activity has resulted in the suspension of your project Gemini API (id: gen-lang-client-0821344…).”
This is a significant unauthorized charge, and the fact that Google has identified the project activity as consistent with hijacking strongly supports that the billing activity was not legitimate or authorized by me.
Please confirm receipt of this dispute and advise the expected process for refund, waiver, credit, or compensation review.
Sincerely,
[Google Cloud Billing Account ID,]
[Google Account Email
[Last 4 digits of cancelled card, 6403]