Data breaches have become an unfortunate reality for businesses, charities, schools, healthcare providers, and government agencies alike. A single phishing email, a stolen laptop, a ransomware attack, or even an employee mistake can expose sensitive information in a matter of minutes. While preventing breaches should always be the goal, the way an organization responds after an incident often shapes how customers, employees, or business partners judge its integrity.
One of the first responsibilities after confirming a breach is notifying the people who may have been affected. A good notification letter does more than satisfy a legal requirement. It explains what happened in plain language, outlines what information may have been involved, shares the steps already taken, and tells recipients what they can do to protect themselves.
The sample letters below cover several common situations. They are written as complete examples that can be adapted to suit different organizations and industries.

Sample Letters of Data Breach Notification
Every security incident is different, so the wording should match the facts available at the time. Use these examples as practical starting points and customize names, dates, contact details, and recommended actions before sending them.
1. General Customer Data Breach Notification
Dear Valued Customer,
We are writing to inform you of a data security incident that may have involved some of your personal information. We believe in being open with our customers, and we want you to hear about this matter directly from us rather than through another source.
On April 14, 2026, our security monitoring systems detected unusual activity within one of our customer databases. As soon as the activity was identified, we activated our incident response procedures, secured the affected systems, and engaged independent cybersecurity specialists to investigate what had happened.
Based on the investigation completed so far, an unauthorized individual may have accessed customer records between April 10 and April 13, 2026.
The information involved may have included your full name, mailing address, email address, telephone number, and customer account number. At this time, there is no evidence that payment card information, banking information, or account passwords were accessed during the incident.
Although the investigation remains ongoing, we wanted to notify you promptly because your privacy is important to us. Waiting until every technical detail had been confirmed could have delayed information that may help you stay alert.
Immediately after discovering the incident, we isolated the affected systems, reset administrative credentials, strengthened security controls, and began continuous monitoring for any further suspicious activity. We also reported the matter to the appropriate authorities where required.
At this time, there is no evidence that your information has been misused. Even so, we encourage you to remain cautious over the coming weeks. Be careful of unexpected emails, text messages, or phone calls requesting personal information or asking you to click unfamiliar links. If something feels unusual, it is worth taking a few extra minutes to verify the sender before responding.
If you have questions or require assistance, our Customer Support Team is available Monday through Friday from 8:00 a.m. to 6:00 p.m. at (555) 123-4567 or by email at support@brightwaveexample.com.
We sincerely apologize for any concern or inconvenience this incident may cause. Protecting your information remains one of our highest priorities, and we are committed to earning your continued trust.
Sincerely,
Sarah Mitchell
Director of Information Security
BrightWave Solutions
2. Data Breach Notification Involving Financial Information
Dear Customer,
We regret to inform you of a cybersecurity incident that may have involved your financial information. We understand that news like this can be concerning, and we want to provide clear information about what happened and what we are doing in response.
On May 8, 2026, unauthorized activity was identified within part of our payment processing environment. Our security team immediately contained the affected systems and began working with external cybersecurity experts to investigate the incident.
The investigation determined that certain customer payment records may have been viewed by an unauthorized party before access was blocked.
The information that may have been affected includes your name, payment card number, card expiration date, and billing address. The card verification value was not stored within the affected system and therefore was not exposed.
As soon as the incident was confirmed, we strengthened access controls, increased monitoring across our payment systems, and notified our payment processing partners. Relevant financial institutions have also been informed so they can assist in monitoring for unusual activity.
Although there is no confirmation that your payment information has been used fraudulently, we recommend reviewing your recent card statements carefully. If you notice any unfamiliar purchases, contact your bank or card issuer immediately. Most financial institutions allow customers to temporarily lock or freeze payment cards through their mobile banking applications, which provides an extra layer of protection.
To help reduce any inconvenience, we are offering twelve months of complimentary credit monitoring and identity protection services. Enrollment instructions are enclosed with this letter. The service includes alerts for certain changes to your credit profile as well as assistance if identity theft occurs.
We sincerely apologize for this incident and appreciate your patience while we continue strengthening our security systems. Your confidence in our organization means a great deal to us, and we remain committed to protecting your personal information.
Sincerely,
David Ross
Chief Information Officer
3. Employee Data Breach Notification
Dear Employee,
We are writing to inform you of a recent data security incident involving certain employee records maintained by our organization. We understand that the protection of your personal information is important, and we want to explain what happened, what information may have been involved, and the steps we are taking in response.
On June 11, 2026, our Information Security Team detected unusual activity within part of our human resources network during routine monitoring. As soon as the activity was identified, access to the affected systems was restricted while an investigation was launched with the assistance of independent cybersecurity professionals.
The investigation determined that an unauthorized individual may have gained access to a portion of our employee records database before the intrusion was contained. Although the investigation has not identified evidence that the information has been misused, some employee files may have been viewed or copied during the incident.
The information that may have been affected includes your full name, home address, telephone number, personal email address, employee identification number, payroll information, tax documentation, direct deposit details, and, for some employees, government-issued identification numbers used for employment purposes.
Immediately after confirming the incident, we reset administrative credentials, strengthened access controls, increased network monitoring, and deployed additional security measures across our internal systems. We also notified the appropriate authorities where required and continue to cooperate with cybersecurity specialists as they complete their investigation.
Although there is currently no indication that your personal information has been used fraudulently, we recommend reviewing your financial accounts, payroll deposits, tax records, and other important documents regularly over the coming months. If you notice unfamiliar activity, report it to the appropriate financial institution or authority without delay.
As an added precaution, the company is providing two years of complimentary identity theft protection and credit monitoring services for all employees whose information may have been affected. Enrollment instructions are enclosed with this notification, and there is no cost to participate.
We understand that incidents like this can cause uncertainty, especially when personal information is involved. Please know that protecting employee data remains one of our highest priorities, and we are continuing to strengthen our systems through additional security technology, enhanced monitoring, and expanded employee cybersecurity training.
If you have any questions or require assistance, please contact the Human Resources Department or the Information Security Office using the contact information provided below.
We sincerely apologize for this incident and appreciate your patience and understanding while we continue our response efforts.
Kind regards,
Human Resources Department
BrightWave Solutions
4. Healthcare Patient Data Breach Notification
Dear Patient,
We are writing to notify you of a recent security incident involving certain patient information maintained by our healthcare organization. Protecting the confidentiality of your medical records is one of our most important responsibilities, and we want to explain what occurred in a clear and transparent manner.
On July 3, 2026, our information technology team detected suspicious activity affecting one of our electronic medical record systems. As soon as the activity was identified, access to the affected environment was restricted, and independent cybersecurity specialists were engaged to investigate the incident.
Following a detailed review, we determined that an unauthorized individual may have accessed certain patient records before the activity was stopped. The investigation remains ongoing, but based on the information available today, your records may have been included among those affected.
The information involved may include your full name, date of birth, address, telephone number, patient identification number, appointment history, health insurance details, treating physician information, and limited clinical records associated with your care. At this time, there is no evidence that payment card information stored through our billing provider was affected because those systems operate separately.
Immediately after discovering the incident, we isolated the affected systems, strengthened access controls, changed administrative credentials, expanded security monitoring, and began working with law enforcement authorities where appropriate. We have also introduced additional technical safeguards intended to reduce the likelihood of similar incidents occurring in the future.
Although we have not identified evidence that your medical information has been used improperly, we encourage you to review any explanations of benefits or statements received from your health insurance provider. If you notice medical services or prescriptions that you do not recognize, please contact your insurer promptly and report the matter to our Privacy Office.
We also recommend remaining cautious of unsolicited phone calls or emails claiming to represent our organization. We will never ask you to disclose sensitive medical or financial information through an unexpected email or text message.
Our healthcare team understands the trust patients place in us every day. We regret that this incident occurred and sincerely apologize for any concern or inconvenience it may cause. We remain committed to protecting your personal health information and continue investing in stronger cybersecurity measures across all of our systems.
If you have questions regarding this notification or wish to discuss your concerns with a member of our Privacy Office, please contact us at (555) 987-6543 between 8:00 a.m. and 5:00 p.m., Monday through Friday, or email privacy@greenvalleymedicalexample.com.
Thank you for your understanding and continued confidence in our organization.
Sincerely,
Privacy Office
Green Valley Medical Center
5. Vendor Data Breach Notification
Dear Business Partner,
We are writing to notify you of a cybersecurity incident that may have affected information shared between our organizations. We value the relationship we have built with your company, and we believe it is important to communicate openly whenever an event could affect information entrusted to us.
On August 6, 2026, our cybersecurity monitoring systems detected suspicious activity involving a portion of our supplier management platform. The affected systems were immediately isolated from the rest of our network while our internal security team and independent digital forensic specialists began a detailed investigation.
Based on the findings completed so far, an unauthorized individual may have accessed certain vendor records before the activity was detected and contained. Although the investigation has not confirmed that any information has been misused, some records stored within the affected environment may have been viewed or copied.
The information that may have been involved includes company names, business addresses, primary contact names, telephone numbers, email addresses, purchase orders, invoices, contract documentation, tax identification numbers submitted for business purposes, and banking information used for electronic payments.
As soon as the incident was confirmed, we reset privileged account credentials, strengthened access controls, expanded system monitoring, and introduced additional verification procedures for payment requests. We also reviewed our vendor management processes to identify opportunities for further security improvements.
Out of an abundance of caution, we recommend that your organization verify any future payment requests or banking changes that appear to come from our company using your normal communication channels. Cybercriminals sometimes use information obtained during security incidents to send convincing fraudulent emails requesting changes to payment details.
At this time, we have no evidence that fraudulent payment requests have been issued using information from this incident. Even so, remaining cautious over the coming weeks is a sensible precaution.
Our investigation remains ongoing, and if additional findings indicate that more information was affected than originally believed, we will provide another update without unnecessary delay.
We sincerely regret any inconvenience or concern this incident may cause. Protecting the information shared between our organizations remains a priority, and we are committed to strengthening our security controls even further.
If you have any questions regarding this notification, please contact our Vendor Relations Team using the contact details below.
Kind regards,
Michael Turner
Vendor Relations Manager
6. Email Account Data Breach Notification
Dear Customer,
We are contacting you regarding a recent security incident that may have affected your online account. While there is currently no evidence that your account has been used without authorization, we want to provide you with the information you need to protect yourself.
On September 14, 2026, our automated security monitoring tools detected unusual activity involving one of the databases that supports customer account authentication. The affected environment was immediately secured while our Information Security Team worked with external cybersecurity specialists to determine the cause and extent of the incident.
Following our investigation, we determined that an unauthorized party may have accessed customer login information before access was blocked. The investigation found no evidence that the attacker gained access to our payment processing systems or customer billing records.
The information that may have been affected includes your email address, username, encrypted password, and account creation date. Passwords stored in our systems were protected using industry-standard encryption methods. Even so, changing your password immediately remains the safest course of action.
As an additional precaution, we have reset your existing password. The next time you visit our website or mobile application, you will be prompted to create a new password before accessing your account.
When choosing a replacement password, select one that is unique to this account and contains a combination of upper and lowercase letters, numbers, and special characters. Reusing passwords across several websites increases the chance that a separate security incident elsewhere could affect multiple accounts.
If your account supports multi-factor authentication, we strongly encourage enabling it. That extra verification step can prevent unauthorized access even if someone learns your password.
Please also remain cautious of phishing emails claiming to come from our company. Fraudulent messages often encourage recipients to click unfamiliar links or provide login credentials through fake websites. If you receive a message that seems unusual, visit our website directly instead of using links provided in the email.
Since discovering the incident, we have strengthened authentication systems, increased security monitoring, expanded employee cybersecurity awareness training, and introduced additional protective measures across our infrastructure.
We sincerely apologize for any inconvenience this incident may cause. Maintaining your confidence is important to us, and we remain committed to improving our security systems.
If you have any questions or require assistance resetting your account, our Customer Support Team is available Monday through Friday during normal business hours.
Thank you for your patience and understanding.
Sincerely,
Emma Carter
Security Response Manager
NorthStar Digital Services
7. Data Breach Notification Following a Lost or Stolen Device
Dear Customer,
We are writing to inform you of a recent incident involving a company-issued laptop that contained certain customer records. Although there is currently no evidence that the information stored on the device has been accessed or misused, we believe it is important to notify you promptly and explain the steps we have taken.
On October 2, 2026, an employee reported that a company laptop had been stolen while traveling for business. The theft occurred despite the device being stored in a locked vehicle. Local law enforcement was notified immediately, and our internal incident response procedures were activated as soon as the report was received.
A review of the device determined that it contained files used for customer support activities. Those records may have included your full name, mailing address, email address, telephone number, customer reference number, and limited account history. The device did not contain payment card information, online banking credentials, or account passwords.
Although the laptop was protected with encryption and password security, we cannot completely rule out the possibility that the information could eventually be accessed. For that reason, we believe providing early notice is the most responsible course of action.
Since the incident occurred, we have remotely disabled the stolen device wherever technically possible, reviewed all employee devices for compliance with our security policies, and introduced stronger encryption standards for portable equipment. We have also updated our procedures governing the storage and transportation of company-issued devices.
As a precaution, we recommend remaining alert for suspicious emails, telephone calls, or text messages requesting personal information. Criminals sometimes combine publicly available information with details obtained during security incidents to make fraudulent communications appear legitimate.
At this time, there is no indication that your information has been used improperly. Should that position change as our investigation continues, we will notify you promptly with any additional recommendations.
We sincerely regret any concern this incident may cause. Protecting your personal information remains one of our highest priorities, and we appreciate your continued trust while we strengthen our security practices.
If you have any questions regarding this notification, please contact our Customer Care Team using the information provided below.
Kind regards,
Jonathan Reed
Operations Director
8. Data Breach Notification While the Investigation Is Ongoing
Dear Customer,
We believe that keeping our customers informed is an important part of maintaining trust. For that reason, we are writing to notify you of a security incident that remains under active investigation.
On November 8, 2026, our cybersecurity monitoring systems detected unusual activity affecting one of our internal databases. We immediately isolated the affected environment, activated our incident response procedures, and engaged independent cybersecurity specialists to determine the nature and extent of the incident.
The investigation is still in progress. At this stage, we have not confirmed whether your personal information was accessed. However, because your records were stored within the affected system, there is a possibility that your information could have been involved.
The information contained within the affected database includes customer names, mailing addresses, email addresses, telephone numbers, and account identification numbers. We have not identified evidence that payment card information or banking details were stored within the affected environment.
Although many details are still being reviewed, we decided it was better to notify you now rather than delay communication until every technical question has been answered. Early notice allows you to remain alert while the investigation continues.
As a precaution, we encourage you to monitor your accounts for unusual activity, remain cautious of unexpected communications requesting personal information, and report any suspicious activity to the appropriate organization.
Our investigation is continuing around the clock. If we determine that your information was accessed or that additional protective measures are necessary, we will contact you again with updated guidance as soon as possible.
We sincerely apologize for any uncertainty this situation may cause. Transparency remains an important part of our response, and we are committed to sharing confirmed information as it becomes available.
Thank you for your understanding and continued patience.
Sincerely,
Incident Response Team
9. Data Breach Notification With Complimentary Identity Protection
Dear Customer,
We regret to inform you of a recent cybersecurity incident that may have involved certain personal information associated with your account. We understand that protecting your identity is important, and we want to explain both the incident itself and the support we are providing.
Following a comprehensive investigation, we determined that an unauthorized individual may have accessed records containing your name, date of birth, mailing address, government-issued identification number, and customer account information.
Although we have not identified evidence that your information has been used fraudulently, the type of information involved could increase the possibility of identity theft if it were misused. Out of an abundance of caution, we are offering additional support to every affected customer.
Enclosed with this notification are instructions for enrolling in twenty-four months of complimentary identity monitoring and credit protection services. These services include monitoring for certain changes to your credit profile, identity theft alerts, fraud resolution support, and assistance from trained specialists if suspicious activity occurs.
Even if you choose not to enroll, we recommend reviewing your financial statements regularly, checking your credit reports where available, and remaining cautious of unexpected requests for personal information.
Since identifying this incident, we have strengthened access controls, expanded system monitoring, introduced additional authentication requirements for sensitive systems, and increased cybersecurity awareness training across our organization. We are also conducting additional security assessments to identify further opportunities for improvement.
We sincerely regret that this incident occurred and apologize for any inconvenience or concern it may cause. Your confidence in our organization is important to us, and we remain committed to protecting the information entrusted to our care.
If you have questions regarding this notification or require assistance enrolling in the identity protection service, please contact our dedicated support team.
Sincerely,
Rebecca Hall
Chief Privacy Officer
10. Follow-Up Data Breach Notification After Completion of the Investigation
Dear Customer,
Earlier this year, we notified you of a cybersecurity incident affecting one of our information systems. At that time, our investigation was still ongoing, and some details had not yet been confirmed. We are now writing to provide a final update following the completion of our forensic investigation.
The investigation confirmed that unauthorized access occurred between December 2 and December 4, 2026. The affected records included customer names, mailing addresses, email addresses, telephone numbers, and customer account identification numbers.
Our investigators found no evidence that account passwords, payment card information, banking details, or other financial records were accessed during the incident. Extensive forensic analysis also found no indication that the attacker remained within our systems after the incident was contained.
Since our original notification, we have completed a broad review of our cybersecurity program. This review resulted in stronger authentication controls, expanded network monitoring, enhanced employee cybersecurity training, improved incident detection capabilities, and additional independent security assessments across our systems.
We appreciate the patience shown by our customers while this investigation was completed. Although technical investigations often require time to ensure accuracy, we believe it is important to provide a final update once the facts have been confirmed.
Based on the completed investigation, there are no additional actions that we are asking you to take beyond the precautions outlined in our previous notification. Even so, maintaining good online security habits, such as using strong passwords and remaining cautious of phishing emails, continues to be good practice.
We sincerely apologize once again for this incident and thank you for your continued confidence in our organization. We remain committed to protecting your personal information and continually strengthening the safeguards that support our services.
If you have any additional questions regarding this matter, our Customer Support Team remains available to assist you.
Sincerely,
Andrew Collins
Chief Executive Officer
Wrapping Up
A well-written data breach notification letter should provide timely information without causing unnecessary confusion or alarm. The most effective letters explain the incident in plain language, identify the information that may have been affected, describe the actions already taken by the organization, and give practical guidance that recipients can follow immediately. A clear and honest message helps maintain trust, even during difficult situations.
Every security incident has its own circumstances, so these samples should be treated as starting points rather than documents to copy word for word. Review the facts carefully, update the dates, names, contact information, and recommended actions, then ensure the letter complies with the privacy laws and reporting requirements that apply to your organization. A prompt, transparent, and accurate notification remains one of the strongest ways to reassure customers, employees, patients, and business partners after a data security incident.