TrueUSD, a stablecoin issuer, recently suffered a security breach at the hands of a third-party, leading to the exposure of personal data belonging to some of its customers.
Screenshots shared on platform X, purportedly showing an email sent by TrueUSD to its users, revealed that those affected were primarily clients onboarded between the years 2018 and 2019. The compromised data included basic details such as first and last names, email addresses, and phone numbers.
However, more concerning was the exposure of sensitive data, encompassing mailing addresses, birthdates, bank affiliations, transaction histories, and blockchain wallet public addresses.
The lapse in security was traced back to TrueCoin, a previous service partner of TrueUSD, which managed banking, customer onboarding, and product operations.
TrueUSD was alerted to the security breach by TrueCoin after a third-party vendor detected an “unusual account activity” within TrueCoin’s system, pointing to a possible compromise of one of their support vendors. This was revealed by TrueUSD in a discussion on platform X on Monday.
Interestingly, the discussion highlighted that, according to TrueCoin’s records, there was no evidence of the attacker downloading, modifying, or deleting any personal data from its systems.
The thread elaborated, “Given that TrueCoin functioned as the TUSD operator up until July 13, 2023, they possess certain KYC (know-your-customer) and transactional history of TUSD users. A portion of this data may have been exposed to the perpetrator during the breach experienced by TrueCoin’s third-party vendor,” the team further clarified.
Based on the screenshots from TrueUSD’s email, as soon as the breach came to light, TrueCoin’s cybersecurity and engineering divisions promptly embarked on a thorough investigation to gauge the breach’s scope.
In the email, it was emphasized that the team acted rapidly to thwart any unauthorized intrusions, and importantly, TrueCoin’s intrinsic systems were unaffected during the incident.
For added safety, TrueUSD has advised its clients to be on high alert for potential phishing attempts and to consistently scrutinize their accounts for any anomalies.
Should TrueUSD users spot any irregularities, they are urged to reach out to the stablecoin provider without delay.