Recently, stablecoin issuer TrueUSD faced a security breach that resulted in the exposure of personally identifiable information (PII) of some of its clients. The breach affected clients who joined between 2018 and 2019 and involved the leak of sensitive customer details, including their names, email addresses, phone numbers, mailing addresses, dates of birth, bank names, transaction histories, and blockchain wallet public addresses. TrueCoin, a former service provider for TrueUSD, was identified as the source of the breach. TrueCoin was responsible for banking, customer onboarding, and product management.
TrueUSD was made aware of the breach by TrueCoin after a third-party vendor noticed some unusual account changes within TrueCoin’s organization. It was suspected that a support vendor had been compromised, leading to the exposure of TrueUSD’s customer data. TrueCoin clarified that they had no evidence of the attacker downloading, altering, or removing any personal information from their own systems.
In response to the breach, TrueCoin’s cybersecurity and engineering teams promptly launched an investigation to determine the scope of the incident. TrueUSD assured its clients that it took immediate action to prevent unauthorized access and that its internal systems remained secure throughout the breach.