CurrentC is already under fire for working with its retail partners to shut out Apple Pay, and it's now facing another mess: some email addresses of people using the app or who have signed up to learn more from the app have been taken from its systems. CurrentC is notifying potentially affected people over email, informing them that "unauthorized third parties obtained the email addresses of some of you" over the past 36 hours. It hasn't said exactly how many emails are affected, but it says that "no other information" was taken.
CurrentC's developer, MCX, tells us that the app itself was not affected by the breach and that many of the emails were dummy accounts. "We take the security of our users’ information extremely seriously," an MCX spokesperson says in a statement. "MCX is continuing to investigate this situation and will provide updates as necessary."
It's possible that CurrentC's website is where the issue occurred. But even so, it's a bad look for CurrentC, which hopes to present itself as a secure mobile payments system. In fact, CurrentC even stores "sensitive customer information" in the cloud rather than on a given person's own phone, a practice that it says lowers risk of data theft.