If you have a lot of customers you need to contact regarding an important communication, such as a data breach, it may be a good idea to stage those communications over several days rather than do it all at once.
It appears that one of the US’s largest wireless services carriers did just that. On April 11, AT&T began emailing 70M of its current and former customers affected by a data leak disclosed by the company on March 30.
EDIT: At 11:55 PM, April 11, AT&T sent ZDNET the following statement to the effect that the company is staging email blasts to notify customers rather than being sent out as a single communication as suggested in the original article draft: “We have a rolling cadence on the emails to ensure our team and Experian can effectively service those impacted. We’re not aware of any issues currently, but you can check with Experian.” — Dan Feldstein, Director, Communications & PR. AT&T Global Marketing
Also: AT&T resets passcodes for 7.6 million customers after data leak. What experts are saying
In the email, sent at 3:23 p.m. ET, presumably sent to tens of millions of its customers, AT&T says that a breach (which they disclosed in a previous email on March 30) compromised customer information. However, financial details and call history remained secure.
In response, the company is resetting account passcodes and is offering a year of free credit monitoring and identity theft protection via Experian’s IdentityWorks service. Experian is a large global credit reporting agency that provides data and analytical tools for credit and fraud monitoring, serving both individuals and businesses.
In the email, AT&T provides a free subscription code and a link to the Experian website for enrollment. When we attempted to enroll, we noticed that the server was performing extremely slowly and also returned HTTP 500 errors, presumably due to high levels of traffic redirected from the AT&T email to its customers. We also noticed that SMS credential logins stopped working via Experian’s mobile application, as well.
Error code from Experian’s web site.
Jason Perlow/ZDNET
The subscription offer is genuine, and we were eventually able to log in after several minutes. Still, the performance was agonizingly slow, and it took us over half an hour to add our account information for monitoring, experiencing multiple HTTP timeouts along the way.
Experian ID Works portal.
Jason Perlow/ZDNET
The traffic spike at Experian was confirmed by the Downdetector service, showing a massive increase in user reports around 5 p.m. ET.
Experian user downtime reports at Downdetector
Jason Perlow/ZDNET
On Twitter, at 4:54 p.m. ET Experian noted on X that its website had stabilized. However, as of 6 p.m. ET, the site remained non-responsive.
EDIT Friday, April 12, 12:28 AM: We’ve asked AT&T how many emails the company sent on April 11, and if they are staged, how many more traffic surges Experian can expect over the next several days.
