State Data Breach Notification Letter
Template – Idaho Data Breach Notification Package
(Prepared for compliance with Idaho Code § 28-51-105 and related federal consumer-reporting notice triggers)
TABLE OF CONTENTS
-
AG NOTICE
1.1 Document Header
1.2 Incident Summary
1.3 Scope of Impact
1.4 Remediation & Mitigation
1.5 Consumer Notification Plan
1.6 Contact Information -
CONSUMER NOTICE
2.1 Letter Header
2.2 What Happened
2.3 What Information Was Involved
2.4 What We Are Doing
2.5 What You Can Do
2.6 For More Information -
EXHIBIT A – OPTIONAL CREDIT-MONITORING ENROLLMENT TERMS
1. AG NOTICE
1.1 Document Header
[COMPANY LETTERHEAD]
Date: [MM/DD/YYYY]
Via [Certified Mail / Courier / Secure E-Mail]
Hon. [Full Name], Consumer Protection Division
Office of the Attorney General, State of Idaho
700 W. Jefferson St., P.O. Box 83720
Boise, ID 83720-0010
Re: Notice of Data Security Breach Pursuant to Idaho Code § 28-51-105
1.2 Incident Summary
• Breach Determination Date: [MM/DD/YYYY]
• Breach Discovery Date: [MM/DD/YYYY]
• Breach Window (if known): [MM/DD/YYYY – MM/DD/YYYY]
• Incident Vector: [e.g., Phishing, Ransomware, Third-Party Vendor]
• Systems Affected: [General Description]
1.3 Scope of Impact
• Total Idaho Residents Impacted: [###]
• Total U.S. Residents Impacted: [###]
• Personal Information (“PI”) Types Exposed:
– [Full Name]
– [Social Security Number]
– [Driver’s License / State ID Number]
– [Financial Account / Payment Card]
– [Medical Information]
• Idaho Consumer-Reporting Agency Notice: [Yes/No]
– Triggered because affected persons > 1,000? [Yes/No]
1.4 Remediation & Mitigation
• Containment Measures Implemented:
– [System Isolation; Password Resets; Patch Deployment]
• Law-Enforcement Notification:
– Contacted [Agency, Case #], on [MM/DD/YYYY]
• Future Safeguards:
– [MFA Rollout, Enhanced Logging, Vendor Re-Assessment]
• Offered Services: [12/24/36] months of credit monitoring & ID theft protection via [Provider]
1.5 Consumer Notification Plan
• Notice Method(s): [First-Class Mail / E-Mail / Substitute Notice]
• First Mailed/E-Mailed On or Before: [MM/DD/YYYY] (≤ 45 days from determination)
• Sample Consumer Notice: See Section 2 of this Package
1.6 Contact Information
Company Contact: [Name, Title]
Address: [Street, City, State, ZIP]
Telephone: [(###) ###-####]
E-Mail: [[email protected]]
Respectfully submitted,
[AUTHORIZED SIGNATORY]
[Name], [Title]
[Company Legal Name]
2. CONSUMER NOTICE
(Idaho residents – personalize for each recipient)
2.1 Letter Header
[COMPANY LETTERHEAD]
[Date]
[Recipient Name]
[Address]
City, State ZIP
2.2 What Happened
On [Determination Date], we confirmed that an unauthorized actor gained access to certain [Company] systems between [Breach Window]. We discovered the incident on [Discovery Date] and immediately initiated an investigation, secured our environment, and engaged leading cybersecurity experts.
2.3 What Information Was Involved
The investigation determined that the following types of your personal information may have been exposed:
• [☐ Full Name]
• [☐ Social Security Number]
• [☐ Driver’s License or State Identification Number]
• [☐ Financial Account / Payment Card Information]
• [☐ Medical or Health Insurance Information]
At this time, we have no evidence that your information has been misused; however, we are notifying you so that you can take proactive steps to protect yourself.
2.4 What We Are Doing
- We contained the incident, eradicated the threat, and are strengthening our security controls (including multifactor authentication, advanced endpoint monitoring, and employee training).
- We have reported the breach to the Idaho Attorney General and, where required, federal consumer-reporting agencies.
- We are offering you [12/24/36] months of complimentary credit monitoring and identity-theft protection through [Provider]. See the enclosed Exhibit A for enrollment instructions and key terms.
2.5 What You Can Do
We strongly encourage you to:
• Enroll in the complimentary credit-monitoring service by [Enrollment Deadline].
• Review the enclosed “Fraud Prevention Tips,” which includes how to place a fraud alert or security freeze on your credit files at no cost.
• Remain vigilant by reviewing account statements and monitoring free credit reports for suspicious activity.
• Immediately report any suspected identity theft to law enforcement, the Idaho Attorney General, and the Federal Trade Commission at IdentityTheft.gov.
2.6 For More Information
If you have questions, please contact our dedicated response line at [(###) ###-####], Monday through Friday, [8:00 a.m.–8:00 p.m.] Mountain Time, or email us at [[email protected]].
We regret any inconvenience this incident may cause and remain committed to safeguarding your personal information.
Sincerely,
[AUTHORIZED SIGNATORY]
[Name], [Title]
[Company Legal Name]
3. EXHIBIT A – OPTIONAL CREDIT-MONITORING ENROLLMENT TERMS
STATUTORY TIMING FOOTER
Notice provided on: [MM/DD/YYYY]
45-day statutory deadline under Idaho Code § 28-51-105: [MM/DD/YYYY]
(This footer should remain in final copies for defensibility.)
About This Template
Formal legal letters create a written record, trigger response deadlines, and often preserve rights under a statute or contract. Cease-and-desist letters, notice letters, and formal responses all have their own expected format, and the language used can mean the difference between a quick resolution and a courtroom fight. Well-drafted correspondence also documents that you tried to resolve things reasonably, which matters if the dispute escalates later.
Important Notice
This template is provided for informational purposes. It is not legal advice. We recommend having an attorney review any legal document before signing, especially for high-value or complex matters.
Last updated: April 2026