TrueUSD third-party security breach revealed blockchain wallet addresses of clients
Stablecoin issuer TrueUSD was hit by a third-party security breach that led to the exposure of personally identifiable information of some of its clients.
The information included the first and last names of customers, their email addresses, and phone numbers (for customers who were onboarded in 2018-2019.) Client addresses, dates of birth, bank names, transaction histories, and blockchain account public addresses were also exposed.
The breach involved TrueUSD’s former banking, customer onboarding, and product management service provider TrueCoin, according to an email seen by The Block.
A third-party attack vector
TrueCoin informed TrueUSD that on September 20, 2023, a third-party vendor notified them about “an anomalous account change within TrueCoin’s organization made by a compromised support vendor.” TrueCoin added it has no logs of the attacker downloading, altering, or removing personal identifiable information from its systems.
The email said that immediately after this notification, TrueCoin’s cybersecurity and engineering teams initiated an investigation to determine the extent of the breach. “TrueCoin took swift action to prevent any further unauthorized access. TrueCoin’s own internal systems were not compromised,” the message noted.
TrueUSD added that in light of this incident, it recommends that customers carefully monitor their personal accounts for any suspicious activity. TrueUSD added that clients should beware of any phishing attacks, and to contact the company if they notice anything unusual.
We have reached out to TrueUSD for comment and will update should we hear back.