CurrentC, a contactless payment system backed by more than 50 major retailers, has been hacked. Parent company Merchant Customer Exchange (MCX) has notified customers that hackers managed to obtain the e-mail addresses of some participating in its beta program.
MCX claims that an investigation into the matter revealed that only e-mail addresses were taken; all other personally identifiable data appears to be safe. The company said they are continuing to investigate the situation and will provide updates as necessary. They also ask that customers be vigilant and not open suspicious e-mails with attachments.
In a separate response to Ars Technica, an MCX spokesperson noted that many of the e-mail addresses that were taken were dummy accounts used for testing purposes only. This obviously rules out the possibility of it being a phishing attack.
MXC failed to disclose how many e-mail addresses were taken.
Unlike other contactless payment systems that use NFC technology to complete a transaction, CurrentC relies on QR codes. When a customer wants to purchase something, CurrentC sends a QR code to their mobile phone which is then scanned by the cashier to complete the purchase.
CurrentC gained widespread news coverage this past weekend when pharmacies Rite Aid and CVS blocked access to Apple Pay and Google Wallet.
While the loss of e-mail addresses isn’t a major concern on its own, the fact that CurrentC is having security issues even before a full public rollout is troublesome.