CurrentC, the much discussed infamous competitor to the Apple Pay mobile payments platform, has some more bad press coming its way. According to an email sent out this morning to its pilot program customers, the MCX service has already been hacked. According to the notice, “unauthorized third parties” obtained email address information for an unannounced number of users:
For those not following the MCX vs. Apple Pay saga, MCX powers a payments platform utilized by key retailers such as WalMart, CVS, and RiteAid. After initially supporting NFC-based payments via Apple Pay and Google Wallet, those aforementioned retailers shut down their industry standard NFC-based payment processing systems in favor of the CurrentC app from MCX.
In an abundance of caution, we wanted to make you aware of this incident and urge you not to open links or attachments from unknown third parties. Also know that neither CurrentC nor Merchant Customer Exchange (MCX) will ever send you emails asking for your financial account, social security number or other personally identifiable information. So if you are ever asked for this information in an email, you can be confident it is not from us and you should not respond.
MCX is continuing to investigate this situation and will provide updates as necessary. We take the security of your information extremely seriously, apologize for any inconvenience and thank you for your support of CurrentC.
MCX has since responded to this controversy on its website, and Apple CEO Tim Cook referred to the entire situation as a “skirmish.” Meanwhile, reports have indicated that retailers are playing along with MCX in order to avoid fines discussed in early contractual agreements. Nonetheless, Apple Pay has already amassed over a million activations, becoming the most ubiquitous mobile payments platform in just about a week.
MCX has confirmed that the email to customers is legitimate and said the following:
“Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of our CurrentC pilot program participants and individuals who had expressed interest in the app. Many of these email addresses are dummy accounts used for testing purposes only. The CurrentC app itself was not affected.
We have notified our merchant partners about this incident and directly communicated with each of the individuals whose email addresses were involved. We take the security of our users’ information extremely seriously. MCX is continuing to investigate this situation and will provide updates as necessary.”