TrueUSD Exposes Customer Information Due to Security Breach
TrueUSD customers have received an email warning about a security breach that may have compromised their personal identification information.
TrueUSD Exposes Customer Information
On the evening of October 16, 2023, TrueUSD, the issuer of TUSD - a stablecoin supported by Justin Sun and Binance - disclosed that it has been subject to a security breach by a third party, resulting in the exposure of personal identification information of some customers.
The leaked information includes:
- Customers' full names, email addresses, and phone numbers (for customers registered between 2018-2019).
- Customer addresses, date of birth, bank names, transaction history, and even on-chain wallet addresses.
According to an email sent to customers, the incident is likely related to TrueCoin, LLC (also known as TrueCoin) - the former management company of TrueFi (TRU). This entity provided banking services, customer registration, and managed TrueUSD's products until July 13, 2023.
Stablecoin issuer TrueUSD, supported by Justin Sun and Binance, was hit by a third-party security breach that led to the exposure of personally identifiable information of some of its clients. TheBlock reported.
— Wu Blockchain (@WuBlockchain) October 16, 2023
The information included the first and last names of customers,…
TrueUSD customers have received an email warning about a security breach that may have compromised their personal identification information.
The email further stated that immediately upon notification, TrueCoin's cybersecurity and technical teams investigated to determine the extent of the breach and advised customers to closely monitor their personal accounts and report any suspicious activity.
"TrueCoin took swift action to prevent unauthorized access. TrueCoin's internal systems were not compromised."
TUSD team was informed by TrueCoin that they received a third-party vendor's notification that the vendor’s Security Team detected “an anomalous account change within [TrueCoin’s] organization made by a compromised support vendor.”
— TrueUSD (@tusdio) October 16, 2023
TrueCoin informed TrueUSD on September 20, 2023, that a third-party provider had notified them of "an anomalous account change within TrueCoin's organization conducted by a compromised support provider." TrueCoin also noted that they have no logs indicating that the attacker downloaded, altered, or deleted personal information from their system.
The team behind the TUSD stablecoin issuer has also confirmed the information and asserted that "both the TUSD system and TUSD reserves were not affected."
