Following the fallout and negative consumer reaction after being revealed this past weekend, the CurrentC mobile payment platform has suffered its first security breach, with user and pilot program email addresses being harvested by hackers. The company released the following statement in an email to pilot program users this morning and subsequently confirmed the statement to the media:
Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of our CurrentC pilot program participants and individuals who had expressed interest in the app. Many of these email addresses are dummy accounts used for testing purposes only. The CurrentC app itself was not affected.
We have notified our merchant partners about this incident and directly communicated with each of the individuals whose email addresses were involved. We take the security of our users’ information extremely seriously. MCX is continuing to investigate this situation and will provide updates as necessary.
Prior to the above situation, the CEO of CurrentC attempted to ease concerns regarding the security and privacy of the platform following multiple reports in the wake of this weekend’s NFC shutdown at CVS and Rite Aid locations:
The latest report on CurrentC filed by the New York Times goes even further, detailing severe financial penalties for merchants affiliated with the MCX working group that continue to accept NFC payments or even attempt to leave the group, which the group has also attempted to deny in an attempt to save face for the platform and the working group. The working group also continues to defend the platform’s cloud-based security for the litany of sensitive customer information required to use the CurrentC service.