CurrentC, the mobile payment service that’s backed by several major retailers, has been in the news quite a bit lately as the reason that CVS and Rite Aid have blocked Apple Pay. Today CurrentC is in the news again, but for a much worse reason.

Merchant Customer Exchange (MCX), the entity behind CurrentC, has alerted users that “unauthorized third parties” have gained access to some of their email addresses. MCX says that its security personnel have determined that the hackers obtained email address but were unable to gain any other information.

It’s worth noting that CurrentC is currently only in a private pilot test period, so its user base is likely fairly small. Still, it’s disconcerting that the service has already gotten hacked, especially since many retailers are blocking more secure payment methods like Apple Pay and Google Wallet in order to promote CurrentC. CurrentC draws funds directly from a user’s bank account rather than using a credit card, so MCX is lucky that its hackers didn’t get anything more than email addresses.

Via MacRumors