There are a number of interesting takeaways from the data breach announced by European electronics firm Dixons Carphone earlier this week.
First, the breach provides partial validation of the new chip-and-pin technology. Many compromised cards had this new technology, and because secondary authenticators, like CVV values and PINs, were NOT compromised, these consumers may be relatively safe. This is also a validation of the general principle that it is good design to set up multiple necessary points of failure, all of which attackers must compromise before real damage is done.
Second, the Dixons Carphone breach will be worth following, as it may involve violations of the new GDPR data privacy regulations. If Dixons is punished under the new law, they may be among the first, and their case will set a tone for how the law is applied going forward.
Finally, an interesting side note is the prior 2015 breach at Dixons, which proceeded by a rather innocuous attack vector: an out-of-date WordPress site...