My AT&T data is being used by fraudsters

The email address that the fraudsters are using is specific to my previous AT&T service, which was canceled many years ago. That email address was uniquely created by me to track anything related to AT&T. 

The data breach could not have originated from anywhere other than AT&T due to the "unique" email address associated to my former AT&T service.

What is the latest news? And what is being done by AT&T for breaches from data originating from their systems? Why doesn't AT&T hash or encrypt our SSNs?

@PWang    Go to www.haveibeenpwned.com and enter your email address.  This is a massive database of billions of email addresses that have been collected from breached websites.  See if it shows anything for your address.

@tonydi The address specific to my AT&T service (which fraudsters are now using to open credit cards) does not yield any matches on that website.

Again, I had a specific email address that was created by me to track activity related to my AT&T wireless service. Prior to recent activity starting last week, I had received only bill notifications and termination of services from "AT&T Online Services" during my service dates 2012-2016. The unique AT&T email address has not been used anywhere else by me.

There has clearly been a data breach of AT&T clients, at least with the DSL service.

Thanks for reporting back on the pwnd site results.

If that is true, then I don't see what AT&T can do about it because your addy is now out there for all to use. I haven't read or seen any reports of a data breach but anything is possible, and if there has been one recently, it probably won't be made public knowledge for awhile yet. There was supposedly one around last April, and T-Mobile just reported one the other day.

There was a breach in August 21 that AT&T has still not really announced publicly.  We think this is what started the ongoing password fiasco that AT&T has yet to resolve.

It's not clear that the OP's would have been part of that because he's using his own domain and not one of the AT&T addresses.

@OttoPylot AT&T can do a lot actually.

1) They can acknowledge the data breach.

2) Notify all the customers or prior customers so as to protect themselves.

3) Investigate what caused the breach and take action against the vulnerabilities.

4) Outline a plan to increase security on their platforms. (Including deletion of any data associated with terminated accounts, as in my case. Add firewalls. Offer more controls such as encryption on how they store SSN and other personal info).

5) They can also offer to the victims, ID theft protection services and credit monitoring.

Take responsibility in other words. Is there anyone from AT&T that can comment on what is being done?

There is the possibility that your own e-mail server was compromised and the e-mail address taken from that.  I assume you've at least considered and evaluated the possibility and found it not-compelling.

🤣🤣🤣

Could be and will be are vastly different.  What is being done is zero.  What will be done going forward is still zero.  The only AT&T response here will be from ATTHelp, if they show up at all, to say how important your security is to AT&T and they will pass your suggestions along.