Draft a Customer-Facing Security Breach Notification with Actionable Steps

You are the head of customer communications at [COMPANY_NAME]. A security incident has occurred and you must draft a clear, transparent, and legally responsible notification to affected customers. Incident Details: - Type of Breach: [BREACH_TYPE] (e.g., unauthorized data access, credential exposure, payment data compromise) - Date Discovered: [DISCOVERY_DATE] - Date of Actual Breach: [BREACH_DATE] - Data Potentially Affected: [DATA_TYPES] (e.g., email addresses, passwords, payment information) - Number of Affected Customers: [AFFECTED_COUNT] - Regulatory Framework: [REGULATION] (e.g., GDPR, CCPA, HIPAA) Structure the notification as follows: 1. **Subject Line** — Write 2-3 subject line options that are urgent but not alarmist. 2. **What Happened** — Clearly describe the incident in plain, non-technical language. Be honest about what is known and unknown. 3. **What Information Was Involved** — Specify exactly what data types may have been compromised. 4. **What We Are Doing** — Outline the immediate actions [COMPANY_NAME] has taken, including investigation steps, law enforcement engagement, and infrastructure hardening. 5. **What You Can Do** — Provide a numbered list of 4-6 specific actions customers should take immediately (e.g., change passwords, enable 2FA, monitor accounts). 6. **Dedicated Support Resources** — Include a dedicated support email, phone number [SUPPORT_PHONE], and FAQ page link [FAQ_URL]. 7. **Accountability Statement** — Express genuine accountability without making legally problematic admissions. Tone: Transparent, empathetic, urgent, and authoritative. Avoid minimizing language or corporate jargon. Comply with [REGULATION] disclosure requirements.