CurrentC Hacked - Business Insider
Screenshot
Here's a bad sign for CurrentC, the fledgling mobile payment system in development by a consortium of retailers.
CurrentC is sending emails to people who signed up for the beta version of the app warning them "that unauthorized third parties obtained the e-mail addresses of some of you."
It doesn't sound as if it's the worst breach in the world, but it's definitely not good for CurrentC, which is just getting started.
CurrentC is in the news this week because of Apple Pay, Apple's mobile payment system for the iPhone 6.
CurrentC is backed by MCX, the Merchants Consumer Exchange, which is a group of retailers trying to create a mobile payment system. It is being spearheaded by Wal-Mart.
The idea behind CurrentC is for retailers to have lots of data on what their customers are doing. They also want to cut down on the fees of 2% to 3% that retailers are paying to credit-card companies. CurrentC connects directly to your bank account, bypassing the need to use credit cards.
The retailers in MCX are not accepting any other mobile payments, including Apple Pay.
A PR rep for CurrentC confirmed the email saying:
Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of our CurrentC pilot program participants and individuals who had expressed interest in the app. Many of these email addresses are dummy accounts used for testing purposes only. The CurrentC app itself was not affected.
We have notified our merchant partners about this incident and directly communicated with each of the individuals whose email addresses were involved. We take the security of our users’ information extremely seriously. MCX is continuing to investigate this situation and will provide updates as necessary.
It's good for CurrentC that its app wasn't compromised, and in reality, identifying one's email address is not that big of a deal.
However, it's embarrassing because Wal-Mart previously told us it wasn't supporting Apple Pay because, "Ultimately, what matters is that consumers have a payment option that is widely accepted, secure, and developed with their best interests in mind."
Before CurrentC sent out its warning, MCX's CEO Dekkers Davidson responded to the controversy surrounding Apple Pay. He highlighted the privacy of CurrentC:
Consumers’ privacy and data security are our top priorities. CurrentC will empower consumers and merchants to make informed decisions regarding how information can be shared through our privacy dashboard. Because we have a number of merchants that have pharmacies, MCX may end up interacting with limited information in the course of processing payments such as location and transaction amount. As a result, MCX is bound by law to adhere to strict rules regarding the privacy of consumers’ information. Our compliance with this law is required by HIPAA. CurrentC does not collect any information from any other apps, or health information stored in the mobile device. The CurrentC privacy policy provides extensive details about the application’s information collection, use, sharing and retention practices and we will continue to be transparent about it.
But in this case, hackers were able get private email addresses of CurrentC users.