Companies • October 16, 2023, 8:08AM EDT
Published 5 minutes earlier on
UPDATED: October 17, 2023, 6:38AM EDT

TrueUSD third-party security breach revealed blockchain wallet addresses of clients

Read the non-AMP story on Theblock.co
The Block

Quick Take

  • TrueUSD customers have received an email warning them about a security breach that may have compromised their personally identifiable information.

Stablecoin issuer TrueUSD was hit by a third-party security breach that led to the exposure of personally identifiable information of some of its clients.

The information included the first and last names of customers, their email addresses, and phone numbers (for customers who were onboarded in 2018-2019.) Client addresses, dates of birth, bank names, transaction histories, and blockchain account public addresses were also exposed.

The breach involved TrueUSD's former banking, customer onboarding, and product management service provider TrueCoin, according to an email seen by The Block.

A third-party attack vector

TrueCoin informed TrueUSD that on September 20, 2023, a third-party vendor notified them about "an anomalous account change within TrueCoin's organization made by a compromised support vendor." TrueCoin added it has no logs of the attacker downloading, altering, or removing personal identifiable information from its systems.

The email said that immediately after this notification, TrueCoin's cybersecurity and engineering teams initiated an investigation to determine the extent of the breach. "TrueCoin took swift action to prevent any further unauthorized access. TrueCoin's own internal systems were not compromised," the message noted.

TrueUSD added that in light of this incident, it recommends that customers carefully monitor their personal accounts for any suspicious activity. TrueUSD added that clients should beware of any phishing attacks, and to contact the company if they notice anything unusual.

"We would like to clarify that the online hacking was directed towards a third-party vendor that was engaged by TrueCoin, the former operator of TUSD until July 2023. In its previous capacity as the operator, TrueCoin was in possession of certain historical data of TUSD users.
 
"TUSD is no longer using this vendor, and hence we are not directly affected by the incidence. Nevertheless, we have reached out to relevant users for information purpose and to assure that there is no operational breach of any sort for TUSD. We would like to emphasize that TUSD system is secure and has not be affected by this incident," TrueUSD told The Block.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.