This is to inform you that our Cyber Incident Response Team has discovered that some

<user / employee / customer, etc.> data was compromised due to unauthorized access
to our systems by a malicious third party. We have already taken steps to notify law
enforcement officials and applicable regulators, as well as to ensure the situation is
contained, and to prevent this type of event from occurring in the future.

Protecting your information and fostering an environment built on trust remains our top
priority.

What kind of data was affected?

Based on what we have learned, some of our <users / employees / customers, etc.>
data has been exposed, including:
 <personally identifiable or health information, e.g., social security numbers,
insurance policy numbers, names>
 <account information, e.g., email addresses, login credentials, unique IDs or
PINs, encrypted passwords>
 <financial information, e.g., credit card numbers, bank account numbers>
What can I do to minimize any further exposure?
 <describe steps that can prevent further exposure, e.g., contact your
insurance or bank accounts to freeze accounts or lock credit cards, change
passwords, enable 2 Factor Authentication if haven’t already, etc.>
Please direct any questions or concerns to <your dedicated CIRT mailbox or individual
contact information>