Stablecoin issuer TrueUSD fell victim to a large-scale security breach. The breach led to the exposure of a significant amount of personally identifiable information belonging to TrueUSD customers. The leaked data includes first and last names, email addresses, phone numbers, and even bank details. Consequently, clients who were onboarded between 2018 and 2019 face higher risks. TrueCoin, TrueUSD’s former banking and customer onboarding service provider, is at the center of this unsettling scenario, according to an email.
The chain of events began on September 20, 2023, when TrueCoin received a notice from a third-party vendor. The vendor alerted them about “an anomalous account change” within the organization. Moreover, this irregular activity came from a compromised support vendor. Upon receiving this critical information, TrueCoin immediately engaged its cybersecurity and engineering teams to evaluate the extent of the breach. According to statements from TrueCoin, their internal systems remained intact. They took prompt action to halt any further unauthorized activities.
TrueUSD urges customer vigilance amid data exposure
Customers are advised to exercise extreme caution. TrueUSD issued a warning, asking its clients to monitor their personal accounts for any unusual activity closely. Additionally, they emphasized the need for clients to remain alert to potential phishing attacks. The company also encouraged clients to get in touch if they notice anything unusual.
However, TrueUSD clarified that neither its own internal systems nor those of TrueCoin were directly compromised. The breach occurred at the level of a third-party vendor that TrueCoin uses for various services, including product management, customer onboarding, and user onboarding. What heightens the concern is that this third-party vendor could not provide any logs indicating whether the attacker downloaded, altered, or removed personal information from its systems. Hence, the full extent of the breach remains unclear.
Significantly, the breach comes at a time when there is an increased focus on the vulnerabilities associated with third-party vendors in the fintech space. Such security incidents underscore the importance of stringent cybersecurity measures. Data security has been a focal point of ongoing discussions, especially in the cryptocurrency arena, which must adhere to strict KYC/AML requirements imposed by regulators.
Despite the recent security breach, the TUSD stablecoin remains unaffected and currently trades at $1, maintaining a relative parity with the U.S. dollar. TrueUSD holds the fourth position on the list of the most widely used USD-pegged stablecoins, with a market cap of $3.4 billion. It falls behind Tether (USDT), USDC (USDC), and DAI (DAI) in terms of popularity.
Source: https://www.cryptopolitan.com/trueusd-client-data-exposed-in-security-breach-linked-to-third-party-vendor/