If you have a lot of customers you need to contact regarding an important communication, such as a data breach, it may be a good idea to stage those communications over several days rather than do it all at once.
It appears, however, that one of the US's largest wireless services carriers did just that -- sent them all at once. On April 11, AT&T emailed over 70M of its customers affected by a data leak disclosed by the company on March 30.
Also: AT&T resets passcodes for 7.6 million customers after data leak. What experts are saying
In the email, sent at 3:23 p.m. ET, presumably sent to tens of millions of its customers, AT&T says that a breach (which they disclosed in a previous email on March 30) compromised customer information. However, financial details and call history remained secure.
In response, the company is resetting account passcodes and is offering a year of free credit monitoring and identity theft protection via Experian's IdentityWorks service. Experian is a large global credit reporting agency that provides data and analytical tools for credit and fraud monitoring, serving both individuals and businesses.
In the email, AT&T provides a free subscription code and a link to the Experian website for enrollment. When we attempted to enroll, we noticed that the server was performing extremely slowly and also returned HTTP 500 errors, presumably due to high levels of traffic redirected from the AT&T email to its customers. We also noticed that SMS credential logins stopped working via Experian's mobile application, as well.
The subscription offer is genuine, and we were eventually able to log in after several minutes. Still, the performance was agonizingly slow, and it took us over half an hour to add our account information for monitoring, experiencing multiple HTTP timeouts along the way.
The traffic spike at Experian was confirmed by the Downdetector service, showing a massive increase in user reports around 5 p.m. ET.
On Twitter, at 4:54 p.m. ET Experian noted on X that its website had stabilized. However, as of 6 p.m. ET, the site remained non-responsive. Stay tuned to for the latest updates on the situation.