CurrentC notifies users of breach, only email addresses were taken

Members of the CurrentC pilot program are receiving a notice today that the service has been breached, with an unspecified number of user email addresses having been compromised. MCX says that no other information was taken. The group reminds to avoid phishing scams, saying that they will never be contacted by CurrentC or MCX for their financial information over email.

From the notice:

In an abundance of caution, we wanted to make you aware of this incident and urge you not to open links or attachments from unknown third parties. Also know that neither CurrentC nor Merchant Customer Exchange (MCX) will ever send you emails asking for your financial account, social security number or other personally identifiable information. So if you are ever asked for this information in an email, you can be confident it is not from us and you should not respond.

CurrentC breach notice

How does this incident make you feel about the security of CurrentC overall? Let us know in the comments.

Thanks to @Meske for the tip!

Joseph Keller

Joseph Keller is the former Editor in Chief of iMore. An Apple user for almost 20 years, he spends his time learning the ins and outs of iOS and macOS, always finding ways of getting the most out of his iPhone, iPad, Apple Watch, and Mac.

  • Is this a CurrentC blog now? Enough already. We get it. It sucks. Even the name sucks.
  • LOL
  • bro...umad?
  • lol.
  • And retailers want to force us to use this over Apple Pay? What a joke! Sent from the iMore App
  • If a retailer is forcing you to use that. Don't shop there. ಠ益ಠ
  • retailers have been doing the same thing with Google Wallet for years. Maybe if Apple and Google then things would change. Posted via the iMore App for Android
  • Just got my email too. CurrentC hasn't started and already a breach? True, with all the backlash someone probably wanted to prove a point but still, all they have so far are email addresses and they have issues securing that info; not going to be giving them my account info any time soon...
  • I have no doubt that CurrentC was specifically targeted. Since WalMart and the whole MCX gang is wanting to play hardball by cutting off access to Apple Pay, it would make sense that somebody wants to play hardball right back at them to prove that their system is not as secure as Apple's. It is going to be a hugely difficult job for the MXC folks to convince users to not only stop using credit cards but to also hand over private banking account information. With all the retail stores who have been hacked recently for credit card info and then with this story in how CurrentC cannot even secure email addresses, they have a really steep hill to climb to win over confidence.
  • Let's just hope they don't ever climb that hill and come crashing down instead.
  • Here we go...
  • LOL is all I can say. Everyone knows this system is crap and not to give their personal info to retailers who could never keep it safe.
  • Honestly, l wouldn't be surprised if this breach wasn't carried out by a few angry individuals just to prove a point. Some retailers have decided to use CurrentC over taking credit card payments via NFC and a good swath of the tech community appears to have lost it. I don't understand. You can't use your phone at the register? Use the card itself or cash. It's not about Apple or Google, its about businesses saving some cash by reducing fees while finding another way via consumer data to provide goods/services that increase revenue and profit. No customers are being forced to use it. Heck, some might even like it as it doesn't require a "high end" smart phone to be used (this is my understanding at least). Don't take it personally, just see it for what it is. A business decision that may or may not have a return on investment. Posted via my Note 3
  • I'm capable of making my own business decisions. And none of them will ever involve CurrenC, Apple Pay or no Apple Pay. Sent from the iMore App
  • That's the problem with that whole statement right there " It's not about Apple or Google, its about businesses saving some cash by reducing fees while finding another way via consumer data to provide goods/services that increase revenue and profit." Because by cutting of NFC payments retailers aren't saving money when customers are still using credit cards.
  • But they are. Now is it as large an amount as it would be if they stopped taking credit cards all together? No. However, they are playing for the long term. The idea is to gradually push the use of credit cards down in their stores until thier presence is a non issue. Allowing NFC to continue to be used while pushing their own alternative is counterproductive to the their goal. Now, will I use their system? No. Do I hate them for it? Again, no. I can see why they are doing it. Posted via my Note 3
  • I understand that they don't want to pay fees. My problem with this whole thing is that they cutoff NFC altogether before seeing what possible benefits they could gain and offering nothing else as more and more devices get NFC capabilities. To add to that their own proposed system ties directly to your bank account which is simply preposterous and uses easily spoofed QR codes as a mechanism for financial transactions.
  • The best idea would be to move to a 1-3% cash (or debit) discount for people using a GOOGLE WALLET card. That way, you only carry one card, and load it up with whatever you want-from your bank or a CC (which you'd pay the fees on). It's still much more secure than a debit card.
  • Yeah I just got the email. Sent from the iMore App
  • The irony. I just wrote this around an hour ago here: What this goofball doesn't get is that this is exactly the problem. As we've seen over and over again is that if it's cloud based it will be compromised, only a matter of time. "We want to assure you, MCX does not store sensitive customer information in the app. Users’ payment information is instead stored in our secure cloud-hosted network."
  • I think this is apple getting back at current has always been a bully...
  • Yeah, the most valuable tech company in the world would hack into an upstart like CurrentC.....
    Yeah, that makes a whole lot of sense.
  • If Apple were truly threatened by CurrentC, they could simply buy them out. They've got the cash.
  • $10 bucks says the hack wasn't to steal anything, just a big "fuck you" to CurrentC.
  • Guess if they are not going to allow Apple Pay where I can be anonymous, I guess I will have to start using cash again!
  • Who in their right mind would hand over their personal banking information to a bunch of retailers? I get doing that with my credit cards as they are protected by the card issuer, but a checking account??? Sent from the iMore App
  • DOA
  • Ok, time to grab some popcorn and sit back and enjoy the show!!!
  • I trust this payment system about as far as I can throw an elephant...
  • You can throw an elephant? Sent from the iMore App
  • "Only e-mail addreses". Nick Arnott's article on iMore yesterday demonstrated that entering an email into the app gets the service to respond with a whole lot more user data. He says he never actually got it to respond with actual user data, but that seems mostly because he didn't stumble upon an actual user's e-mail, and quit trying before he did. Even though this breech is "only" user e-mails, it seems like the implication for those users is a lot more significant than the CurrentC would like to admit.
  • What everyone is not thinking about is that these are not competing products. CurrentC wants to replace credit cards in order to not pay the card companies their ridiculous transaction fees. I get that, we are talking 1-4% of the gross profit disappearing with the swipe of a card. Applepay is a complimenting product. Do you really think Walmart (Or any of the 50 companies) are going to stop taking credit cards? That would be retail suicide. Visa and Mastercard purchases in the U.S. alone for 2012 were $1.5 Trillion. Do you think any of these companies want to be left out of that? Applepay is an easier more secure interface that will allow me use my credit card at a retail store. It gives me more purchasing power that I would not have with CurrentC being tied to my bank account and it gives me better consumer protections than CurrentC. Whoever at these companies made these decisions needs to go back to business school because they have forgotten the fundamentals.
  • They asked for this. It will only get worse for them, I bet.
  • Let's call CurrenC what it really is, a new form of the old written check. Remember, those old enough, you had to have your DL# and other personal Info available for the cashier, just to write one. CurrenC is asking for the same info, but on an even more hacker friendly level. The whole reason debit cards came out was so that you didn't have to use a check and share all that personal info. HUGE step backwards honestly.
  • And they want people to use this over Google Wallet and Apple Pay?