The TrueUSD stablecoin issuer said that a security breach at its former banking-services provider TrueCoin risked disclosure of some customers’ personal information.
TUSD team was informed by TrueCoin that they received a third-party vendor’s notification that the vendor’s Security Team detected “an anomalous account change within [TrueCoin’s] organization made by a compromised support vendor.”
— TrueUSD (@tusdio) October 16, 2023
The incident occurred on September 20. An “an anomalous change made by a compromised support vendor” was detected in TrueCoin’s account.
Because the company operated TrueUSD until July 13, 2023, it held certain KYC-data, including users’ first and last names, email addresses and phone numbers, addresses, dates of birth, names of banks, transaction histories and public blockchain addresses.
Some of this information could potentially have fallen into the hands of malicious actors.
Internal TrueCoin systems were not compromised. Following notification of the incident, the cybersecurity team took steps to prevent further unauthorized access and opened an investigation.
Representatives said that the TrueUSD system was not breached and the TUSD reserves were not affected by the incident.
TUSD system is SECURE and not attacked. Both TUSD system and TUSD’s reserves are UNAFFECTED.
— TrueUSD (@tusdio) October 16, 2023
Nevertheless, they advised users to monitor their personal accounts for any suspicious activity.
In late September, personal information of some users of the Nansen analytics platform leaked publicly. The leak also occurred due to the compromise of a third-party data provider.