TrueCoin’s third-party vendor breach potentially leaks TUSD user data
Stablecoin TrueUSD (TUSD) announced a potential leak of certain Know Your Customer (KYC) and transaction history data as one of TrueCoin’s third-party vendors got compromised.
TrueCoin was the operator of the TUSD stablecoin till July 13, 2023. On Oct. 16, a third-party vendor’s security team informed TrueCoin of “an anomalous account change within [TrueCoin’s] organization made by a compromised support vendor.” As a result, TrueCoin suspects the compromise of some of TUSD’s existing customer data.
TUSD team was informed by TrueCoin that they received a third-party vendor's notification that the vendor’s Security Team detected “an anomalous account change within [TrueCoin’s] organization made by a compromised support vendor.”
TrueCoin’s internal systems were not impacted or accessed, as the company confirmed that the attack was an isolated incident on a third-party vendor. “TUSD system is SECURE and not attacked. Both TUSD system and TUSD's reserves are UNAFFECTED,” affirmed TrueUSD through its official X (formerly Twitter) account.
Data collected from such breaches — names, email addresses and phone numbers, among others — are typically used for phishing attacks. Attackers reach out to unwary investors by mimicking various crypto services, often promising high profits in short amounts of time.
The impact of the attack and the resultant data leak is yet to be identified, as the total number of users’ data was not revealed during the announcement.
TrueUSD has not yet responded to Cointelegraph’s request for comment.
Related: TrueUSD stops minting via Prime Trust, loses dollar peg
TrueCoin recently distanced itself from Nevada-based Prime Trust right after the latter abruptly halted all fiat and cryptocurrency deposits
Read more on cointelegraph.com
