Merchant Customer Exchange (MCX), a retailer-backed consortium, received a lot of attention this weekend when CVS and Rite Aid suddenly stopped accepting payments from systems like Google Wallet and Apple Pay. The two pharmacists reportedly made the move in solidarity with MCX, which is developing its own mobile payments system called CurrentC. CurrentC is set to launch in early 2015, although the app is already available.

On Wednesday, however, people who signed up to be on the forefront of the CurrentC launch were sent an e-mail saying that their e-mail addresses had been stolen.

“Thank you for your interest in CurrentC,” the e-mail read. “You are receiving this message because you are either a participant in our pilot program or requested information about CurrentC. Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of you. Based on investigations conducted by MCX security personnel, only these e-mail addresses were involved and no other information.”

MCX went on to remind users that “neither CurrentC nor Merchant Customer Exchange (MCX) will ever send you e-mails asking for your financial account, social security number, or other personally identifiable information. So if you are ever asked for this information in an e-mail, you can be confident it is not from us and you should not respond.”

The e-mail first surfaced on Business Insider. In an e-mail to Ars, MCX confirmed that it did send the message. An MCX spokeswoman told us that "many of these e-mail addresses are dummy accounts used for testing purposes only. The CurrentC app itself was not affected.

“We have notified our merchant partners about this incident and directly communicated with each of the individuals whose e-mail addresses were involved,” she continued. “We take the security of our users’ information extremely seriously. MCX is continuing to investigate this situation and will provide updates as necessary.”

The CurrentC scheme would ask users to link checking and debit accounts directly to the app. When a customer wants to buy something in, say CVS, CurrentC sends a QR code to the user's phone. The cashier would then scan the code to confirm the transaction. Credit cards won't be accepted so that the retailer gets to sidestep paying fees to the card issuer for the transaction. (Credit card fees are generally about two to three percent of every transaction.)

Further reports this week suggested that retailers might be fined if they try to offer CurrentC along with other mobile payments options like Google Wallet and Apple Pay. With customers already miffed about having tap-and-pay options being taken away from them, this latest development is likely to make MCX's uphill battle even steeper.