TrueUSD customer data exposed in third-party security breach

TrueUSD client data, including names and blockchain wallet addresses, is exposed following a security breach involving a third-party vendor.

A breach involving a third-party vendor has exposed sensitive client data of TrueUSD, a leading issuer of stablecoins. TrueUSD was alerted to the security incident by TrueCoin, the former service provider responsible for the company’s banking, customer, and product management. This incident has not compromised TrueCoin’s internal IT infrastructure.

The compromised data includes names, email addresses, and phone numbers of clients who had joined the platform between 2018 and 2019. Additionally, more extensive data such as client addresses, birth dates, the names of their banks, transaction histories and public blockchain wallet addresses were revealed.

TUSD team was informed by TrueCoin that they received a third-party vendor's notification that the vendor’s Security Team detected “an anomalous account change within [TrueCoin’s] organization made by a compromised support vendor.”

— TrueUSD (@tusdio) October 16, 2023

On Sept. 20, TrueCoin reported receiving an alert from a third-party vendor about an unusual modification within the organizational account. Although there is no evidence that the attacker manipulated, downloaded, or erased any personal data, the incident prompted an immediate investigation.

Steps taken by TrueCoin and TrueUSD

Upon receiving the alert, TrueCoin promptly initiated a thorough investigation, led by its cybersecurity and engineering teams, to gauge the scope of the security breach. The company acted quickly to avert any additional unauthorized access and assured that its internal systems remained secure throughout the incident.

TrueUSD is urging its clients to remain vigilant in monitoring their personal accounts for any irregular activities. Clients are also advised to be cautious of phishing attempts and to promptly report any unusual occurrences to the company.