We are currently managing a cyber security incident after discovering

unauthorised activity on our network.

The intrusion was quickly identified by our IT team, and we acted immediately to secure
our systems, taking some systems offline while we undertook necessary extensive
investigations into the incident. Based on the information gathered to date, we are
confident that our security controls were effective in limiting the impact of the incident
which has been confined to a very small part of our data store, approximately
[percentage] of our data.
The incident has been reported to the necessary authorities and regulators including the
[specify all applicable law enforcement agencies and regulatory bodies]. We are working
with experienced cyber security professionals to support our investigation and identify
any parties that may have been affected. The impacted data did include [list the affected
data] but there is no evidence currently to suggest that the affected data has been
further disseminated. We will, of course, contact anyone affected in due course. We
have carefully but rapidly re-established our core systems to enable us to continue to
work and communicate with our clients, suppliers, and intermediaries.
Sincerely,
[Spokesperson’s name]
[Photo recommended]
[Contact information]