Breach notification sample letter

The following text is intended to provide guidance to University departments in developing a notice to affected individuals. The final text that is used in any actual breach notification should be reviewed by the Office of Public Relations and the Vice President & General Counsel.

Dear [name of recipient]:

This message is being sent to you as a formal notice that the security of [your name and Social Security number, credit card number, etc.] maintained in a University of Delaware Department of [name of your department] database, may have been compromised by a recent security breach.

The possible security breach consisted of [non-technical description of the scope and nature of breach]. As of this writing, [state the degree to which you can attest that their personal information has been acquired by unauthorized persons]. Therefore, it is possible information that may lead to identity theft is in the hands of an unauthorized person or persons.

For more information on identity theft, please visit the following Web sites:

I regret this incident very much and will keep you informed of any further developments. Please feel free to contact my office at 302 [your phone number] with any questions you may have.