You can’t make this stuff up.
MCX, the retailer consortium behind Apple Pay competitor CurrentC, has already been hacked, according to an email sent out to those people who have signed up for, or downloaded, the CurrentC app.
“Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of you,” the email reads.
A spokeswoman confirmed that the email is real.
MCX, which is a consortium of dozens of retailers including Walmart, Best Buy, Target, Kohl’s and CVS, say that no other information has been taken but that the investigation is continuing. The “unauthorized third parties” were able to access email addresses of people who were part of the app’s private beta testing program as well as email addresses of people who simply signed up to access the app when it launches publicly.
It has already been a bad week for MCX, after member companies CVS and Rite Aid banned Apple’s new Apple Pay payment technology from their stores, infuriating a vocal group of iPhone lovers. Some of these people have taken to the reviews section of app stores to voice their opinion, where the app has received an average of one out of five stars in the Apple App Store.
MCX confirmed this morning that its member companies have promised to only support CurrentC. MCX was formed in large part to create a mobile app that would persuade shoppers to pay through their phone with their checking account or store-branded plastic. The retailers’ goal here was to cut down on the transaction fees it has to pay banks and credit card networks on traditional credit card purchases. That is likely a big reason why it opposes Apple Pay, which supports those traditional cards.
But the hack now raises big questions about whether shoppers will trust CurrentC app with their sensitive financial information when it launches; the app asks for users’ social security number and driver’s license information if they want to link their bank account with the app. The app does not currently let users pay with their traditional credit card accounts, though an MCX blog post published this morning said it would eventually support credit cards, though it didn’t provide details on which kinds. Until CurrentC launches, customers shopping at MCX stores will be left with the choice of using cash or traditional magstripe cards which have proved to be easy to clone.
By banning Apple Pay, which is built into the new line of iPhones, merchants are choosing to ban a more secure payment method. Apple Pay customers can use a wide range of credit and debit card accounts to make purchases. Users have to authorize a transaction by pressing their finger against the phone’s fingerprint sensor. The phone then sends payment information to a store’s checkout equipment, though it comes in the form of a stand-in string of characters known as a token and does not include an actual credit or debit card number.
This article originally appeared on Recode.net.