The original comment comes off a bit more like an accusation with an escape clause. I'd agree that if the leaked data contains exactly the same information as the alleged source's servers, it would be evidence of the veracity of its source, but that has nothing to do with whether or not the data is encrypted.
I beg to differ. If the PII in the leak matches what's in AT&T DBs, they can still maintain plausible deniability that there is no proof the PII leaked from them. An encrypted DOB requires the DOB and an encryption key. The latter shall be unique and securely stored in their system and that's why I referred to presence of the encrypted data specifically as a smoking gun.
I use unique email addresses for each company; the one I use with AT&T (and only them) is in the dump. So I know at least the email was leaked from them.
Of course that doesn't say anything about the other PII but at this point, I figure my PII has already been leaked multiple times.
