TrueUSD client data exposed in security breach linked to third-party vendor


  • TrueUSD, a stablecoin issuer, faced a significant security breach that exposed substantial customer data, including names, email addresses, and bank details. The breach is linked to TrueCoin, their former banking and customer onboarding service provider.
  • A compromised third-party vendor used by TrueCoin is the source of the breach. Neither TrueCoin nor TrueUSD’s internal systems were directly affected, but the vendor could not provide logs to indicate the full extent of the data loss.

Stablecoin issuer TrueUSD fell victim to a large-scale security breach. The breach led to the exposure of a significant amount of personally identifiable information belonging to TrueUSD customers. The leaked data includes first and last names, email addresses, phone numbers, and even bank details. Consequently, clients who were onboarded between 2018 and 2019 face higher risks. TrueCoin, TrueUSD’s former banking and customer onboarding service provider, is at the center of this unsettling scenario, according to an email. 

The chain of events began on September 20, 2023, when TrueCoin received a notice from a third-party vendor. The vendor alerted them about “an anomalous account change” within the organization. Moreover, this irregular activity came from a compromised support vendor. Upon receiving this critical information, TrueCoin immediately engaged its cybersecurity and engineering teams to evaluate the extent of the breach. According to statements from TrueCoin, their internal systems remained intact. They took prompt action to halt any further unauthorized activities.

TrueUSD urges customer vigilance amid data exposure

Customers are advised to exercise extreme caution. TrueUSD issued a warning, asking its clients to monitor their personal accounts for any unusual activity closely. Additionally, they emphasized the need for clients to remain alert to potential phishing attacks. The company also encouraged clients to get in touch if they notice anything unusual.

However, TrueUSD clarified that neither its own internal systems nor those of TrueCoin were directly compromised. The breach occurred at the level of a third-party vendor that TrueCoin uses for various services, including product management, customer onboarding, and user onboarding. What heightens the concern is that this third-party vendor could not provide any logs indicating whether the attacker downloaded, altered, or removed personal information from its systems. Hence, the full extent of the breach remains unclear.

Significantly, the breach comes at a time when there is an increased focus on the vulnerabilities associated with third-party vendors in the fintech space. Such security incidents underscore the importance of stringent cybersecurity measures. Data security has been a focal point of ongoing discussions, especially in the cryptocurrency arena, which must adhere to strict KYC/AML requirements imposed by regulators.

Despite the recent security breach, the TUSD stablecoin remains unaffected and currently trades at $1, maintaining a relative parity with the U.S. dollar. TrueUSD holds the fourth position on the list of the most widely used USD-pegged stablecoins, with a market cap of $3.4 billion. It falls behind Tether (USDT), USDC (USDC), and DAI (DAI) in terms of popularity.

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

Share link:

Damilola Lawrence

Damilola is a crypto enthusiast, content writer, and journalist. When he is not writing, he spends most of his time reading and keeping tabs on exciting projects in the blockchain space. He also studies the ramifications of Web3 and blockchain development to have a stake in the future economy.

Most read

Loading Most Read articles...

Stay on top of crypto news, get daily updates in your inbox

Related News

Subscribe to CryptoPolitan