AT&T blasts email to 70M customers, causes massive traffic spike at Experian. Here’s what happened

An email sign in a bear trap.

rob dobi/Getty Images

If you have a lot of customers you need to contact regarding an important communication, such as a data breach, it may be a good idea to stage those communications over several days rather than do it all at once.

It appears, however, that one of the US’s largest wireless services carriers did just that — sent them all at once. On April 11, AT&T emailed over 70M of its customers affected by a data leak disclosed by the company on March 30

Also: AT&T resets passcodes for 7.6 million customers after data leak. What experts are saying

In the email, sent at 3:23 p.m. ET, presumably sent to tens of millions of its customers, AT&T says that a breach (which they disclosed in a previous email on March 30) compromised customer information. However, financial details and call history remained secure. 

In response, the company is resetting account passcodes and is offering a year of free credit monitoring and identity theft protection via Experian’s IdentityWorks service. Experian is a large global credit reporting agency that provides data and analytical tools for credit and fraud monitoring, serving both individuals and businesses.

image-3.png

Jason Perlow/ZDNET

In the email, AT&T provides a free subscription code and a link to the Experian website for enrollment. When we attempted to enroll, we noticed that the server was performing extremely slowly and also returned HTTP 500 errors, presumably due to high levels of traffic redirected from the AT&T email to its customers. We also noticed that SMS credential logins stopped working via Experian’s mobile application, as well.

image-4.png

Error code from Experian’s web site.

Jason Perlow/ZDNET

The subscription offer is genuine, and we were eventually able to log in after several minutes. Still, the performance was agonizingly slow, and it took us over half an hour to add our account information for monitoring, experiencing multiple HTTP timeouts along the way.

image-5.png

Experian ID Works portal.

Jason Perlow/ZDNET

The traffic spike at Experian was confirmed by the Downdetector service, showing a massive increase in user reports around 5 p.m. ET.

experian-down-current-problems-and-outages-downdetector

Experian user downtime reports at Downdetector

Jason Perlow/ZDNET

On Twitter, at 4:54 p.m. ET Experian noted on X that its website had stabilized. However, as of 6 p.m. ET, the site remained non-responsive. Stay tuned to ZDNET for the latest updates on the situation.

READ MORE HERE