MCX (Merchant Customer Exchange), the coalition of retailers including Walmart, Best Buy, Gap and others, who are backing a mobile payments solution CurrentC meant to rival newcomer Apple Pay, has been hacked. The data breach involves the theft of email addresses. The CurrentC mobile application was not affected, the company confirms to TechCrunch.

Within the last 36 hours, MCX says it learned that unauthorized third parties obtained the email addresses of some of its CurrentC pilot program participants and other individuals who had expressed interest in the app.

The group has now notified its merchant partners about the incident and is communicating directly with those individuals whose email addresses were involved, a company spokesperson tells us.

At this time, it appears that only the emails of these early mobile app testers have been stolen, which is not as significant a data breach as having their payment data or other personal information, like home addresses or phone numbers stolen, as has been the case with other large-scale data breaches, like the one which took place over the last holiday season at Target, for example. In addition, many of these email address were dummy accounts used for testing purposes, which means there may not that many end users affected at this point, since the solution was still in its pilot phases.

However, MCX says it’s continuing to investigate the situation and will provide more updates as they arrive.

Below, is the email being shared with these users, in its entirety:

Thank you for your interest in CurrentC. You are receiving this message because you are either a participant in our pilot program or requested information about CurrentC. Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of you. Based on investigations conducted by MCX security personnel, only these e-mail addresses were involved and no other information.

In an abundance of caution, we wanted to make you aware of this incident and urge you not to open links or attachments from unknown third parties. Also know that neither CurrentC nor Merchant Customer Exchange (MCX) will ever send you emails asking for your financial account, social security number or other personally identifiable information. So if you are ever asked for this information in an email, you can be confident it is not from us and you should not respond.

MCX is continuing to investigate this situation and will provide updates as necessary. We take the security of your information extremely seriously, apologize for any inconvenience and thank you for your support of CurrentC.

CurrentC, for those unfamiliar, is a group of over 50 retailers who have been working to develop their own mobile wallet technology. Essentially, they want to own the mobile wallet experience for themselves, instead of turning it over to a company like Apple, whose Apple Pay mobile payments solution prevents them from gaining access to customer data. Instead, retailers involved with MCX want to use mobile payments as a way to learn more about their customers’ shopping behavior, which could mean they could better target offers to them in the future.

The system works via a mobile application, live now on the app stores, called CurrrentC. It’s sort of clunky tool when compared with Apple Pay, as it involves the use of QR codes. But some retailers, like Starbucks, have seen success with QR codes, and these special barcodes aren’t tied to one platform, like Apple’s so it makes sense that this is the technology the retailers would adopt. (More on CurrentC is here.)

CurrentC began making headlines recently, when retailers involved with the initiative shut off NFC in their stores. NFC is the technology that makes Apple Pay and other NFC-based payment solutions, including Google Wallet, work. Customers were trying to use Apple Pay at stores like Rite Aid and CVS, where at first Apple Pay-initiated payments were functioning properly, thanks to the retailers NFC-enabled point-of-sale terminals.

But then those retailers disabled NFC entirely at their registers, ending their unofficial support for Apple Pay. The problem, apparently, stemmed from the fact that retailers’ contracts with MCX states they’re not supposed to accept rival mobile payment products.

Source:techcrunch