Templates Legal Letters Correspondence State Data Breach Notification Letter
Missouri Legal Letters Correspondence
Blank Document PRO
From Template
Upload Document Word (.docx) & Markdown files
PRO
State Data Breach Notification Letter
Ready to Edit
State Data Breach Notification Letter - Free Editor

MISSOURI DATA BREACH NOTIFICATION PACKAGE

(This template contains two companion letters—one to the Missouri Attorney General and one to affected consumers—to facilitate compliance with Mo. Rev. Stat. § 407.1500 (2023).)

[// GUIDANCE: 1. Replace all bracketed, ALL-CAPS placeholders before release.
2. Do not include the number of affected Missouri residents in the consumer letter—the statute prohibits it.
3. Deliver notice “without unreasonable delay and no later than forty-five (45) days” after discovery, unless law-enforcement delay applies.
4. If >1,000 Missouri residents are affected, you must also notify the nationwide consumer reporting agencies on the same timetable.
5. Retain proof of transmittal for at least five (5) years.]

TABLE OF CONTENTS

  1. Part A – Attorney General Notification Letter
  2. Document Header
  3. Definitions
  4. Operative Disclosure
  5. Representations & Certifications
  6. Enclosures
  7. Part B – Consumer Notification Letter
  8. Document Header
  9. Key Facts About the Incident
  10. Protective Measures We Have Taken
  11. Steps You Can Take
  12. Contact Information & Resources

PART A – ATTORNEY GENERAL NOTIFICATION LETTER

1. DOCUMENT HEADER

From:
[ENTITY LEGAL NAME]
[Street Address] | [City, State ZIP] | [Telephone]
[Email] | [Website]

To:
Office of the Missouri Attorney General
Consumer Protection Division
Attn: Data Breach Notifications
P.O. Box 899
Jefferson City, MO 65102
E-mail (preferred): [email protected]

Re: NOTICE OF DATA BREACH – Mo. Rev. Stat. § 407.1500

Date: [MONTH DAY, YEAR] (the “Notification Date”)

2. DEFINITIONS

For purposes of this Notice:
“Incident” means the actual or reasonably suspected unauthorized access to or acquisition of Personal Information as defined in Mo. Rev. Stat. § 407.1500(1)(9).
“Company,” “we,” “our,” and “us” refer to [ENTITY LEGAL NAME].

3. OPERATIVE DISCLOSURE

Pursuant to Mo. Rev. Stat. § 407.1500, we provide the following information:

3.1 Identity of Reporting Entity
• Legal Name: [ENTITY LEGAL NAME]
• FEIN: [##-#######]
• State of Incorporation/Organization: [STATE]
• Primary Contact Person: [NAME, TITLE]
• Direct Contact: [PHONE] | [EMAIL]

3.2 Nature & Scope of Incident
• Type of breach (check all applicable):
☐ Unauthorized acquisition  ☐ Unauthorized access
• Method (e.g., phishing, ransomware, lost device): [BRIEF DESCRIPTION]
• First date/suspected date of compromise: [DATE or DATE RANGE]
• Date of discovery: [DATE]
• Ongoing? ☐ Yes ☐ No
• Total number of Missouri residents notified or to be notified: [NUMBER]
[// GUIDANCE: Required for AG letter; omit in consumer letter.]

3.3 Categories of Personal Information Affected
☐ Social Security number    ☐ Driver’s license / state ID number
☐ Financial account + access code ☐ Medical / health insurance information
☐ Biometric data        ☐ “Unique electronic ID” credentials
☐ Other: [SPECIFY]

3.4 Delay (if any)
Notice was delayed until today because:
☐ Written request from law-enforcement agency dated [DATE] stating notice would impede criminal investigation.
☐ Necessary measures to determine scope of breach, restore system integrity, and prevent further disclosure.

3.5 Notice to Consumers
• Method(s): ☐ First-class mail ☐ E-mail per E-SIGN consent ☐ Substitute notice*
• Commencement of consumer mailing: [DATE]
• Sample copy enclosed as Exhibit A.

3.6 Remediation Measures
[BRIEF SUMMARY of technical, legal, and operational steps taken, e.g., password resets, endpoint isolation, forensic review, enhanced MFA.]

3.7 Credit Monitoring / Identity Protection Services
We are offering affected residents [##] months of complimentary [SERVICE NAME] identity-protection services. Terms and enrollment instructions appear in Exhibit A.

3.8 Consumer Reporting Agency Notice
Because the Incident involves more than 1,000 Missouri residents, we provided contemporaneous notice to the nationwide consumer reporting agencies on [DATE].

3.9 Contact for Additional Information
NAME: [PRIMARY CONTACT] | TITLE: [TITLE]
PHONE: [DIRECT LINE] E-MAIL: [EMAIL]

4. REPRESENTATIONS & CERTIFICATIONS

4.1 Good-Faith Compliance
We certify, under penalty of perjury, that the information contained herein is true and correct to the best of our knowledge as of the Notification Date and that we have complied with all applicable requirements of Mo. Rev. Stat. § 407.1500.

4.2 Reservation of Rights
Nothing in this Notice shall be construed as an admission of liability or of any violation of law, and we expressly reserve all legal defenses and privileges.

5. ENCLOSURES

Exhibit A – Sample Consumer Notification Letter (Missouri Residents)
Exhibit B – Law-Enforcement Delay Letter (if applicable)
Exhibit C – Timeline & Incident Diagram (CONFIDENTIAL)

PART B – SAMPLE CONSUMER NOTIFICATION LETTER (EXHIBIT A)

[ENTITY LETTERHEAD]

[DATE]

[CONSUMER NAME]
[ADDRESS]
[CITY, STATE ZIP]

Subject: IMPORTANT NOTICE ABOUT YOUR PERSONAL INFORMATION

Dear [CONSUMER NAME]:

We are writing to inform you of a data security incident that may have involved your personal information. Your privacy is important to us, and we want to provide you with details of the incident and steps you can take to protect yourself.

  1. What Happened
    On [DATE OF DISCOVERY], we determined that unauthorized [access to/acquisition of] certain Company systems occurred between [DATE RANGE]. Upon discovery, we immediately initiated an investigation with the assistance of leading cybersecurity professionals and notified law enforcement.

  2. What Information Was Involved
    The information affected may have included your:
    • [e.g., Social Security number]
    • [Driver’s license number]
    • [Financial account number]
    Please note: not all data elements were involved for every individual.

  3. What We Are Doing
    • Secured and remediated the impacted systems.
    • Implemented additional technical safeguards, including [MFA, endpoint monitoring, etc.].
    • Offered you [##] months of complimentary credit monitoring and identity-theft protection through [SERVICE PROVIDER]. This service includes credit bureau monitoring, $1,000,000 identity-theft insurance, and dedicated fraud resolution support. To activate:

  4. Visit: [URL]
  5. Enter Activation Code: [CODE]

  6. Enroll by: [DEADLINE]

  7. What You Can Do
    We encourage you to remain vigilant by reviewing your account statements and monitoring free credit reports. Enclosed are “Steps You Can Take to Protect Your Information,” including how to place a fraud alert or security freeze and how to obtain your free annual credit report.

  8. For More Information
    If you have questions, please contact our dedicated response line at [TOLL-FREE NUMBER] Monday–Friday, 8 a.m.–8 p.m. Central Time, or e-mail us at [EMAIL]. You may also write to us at:
    Data Privacy Office, [ENTITY NAME]
    [ADDRESS]

Sincerely,

[AUTHORIZED SIGNATORY]
[TITLE]
[ENTITY NAME]

Enclosures: Steps You Can Take to Protect Your Information

ENCLOSURE – STEPS YOU CAN TAKE TO PROTECT YOUR INFORMATION

A. Review Your Accounts: Monitor bank, credit-card, and insurance statements for suspicious activity.

B. Credit Reports: Obtain free credit reports from www.annualcreditreport.com or (877) 322-8228.

C. Fraud Alerts: Place a fraud alert by contacting any one of the nationwide credit bureaus. The alert is free and lasts one year.
• Equifax: www.equifax.com | (888) 766-0008
• Experian: www.experian.com | (888) 397-3742
• TransUnion: www.transunion.com | (800) 680-7289

D. Security Freezes: You have the right to place a free security freeze on your credit file, which prevents new credit from being opened without your permission. Contact each bureau using the information above.

E. Federal Trade Commission: If you detect suspicious activity, file a complaint with the FTC at IdentityTheft.gov or (877) 438-4338, and/or contact your local law-enforcement agency.

F. For Missouri Residents: You may also contact the Missouri Attorney General’s Office at (800) 392-8222 or [email protected].

[// GUIDANCE: The foregoing consumer letter meets the minimum content items delineated in Mo. Rev. Stat. § 407.1500(2)(4): (1) incident date, (2) PI description, (3) Company contact, (4) notice of credit reporting agencies/FTC, and (5) advice on vigilance. Maintain brevity and avoid granular technical details that could compromise system security.]

OPTIONAL INTERNAL CHECKLIST (omit before transmittal)

  1. ☐ Incident investigation closed & final forensic report on file
  2. ☐ 45-day statutory clock confirmed
  3. ☐ Law-enforcement consultation documented
  4. ☐ Consumer reporting agency notices sent
  5. ☐ AG package sent via traceable method
  6. ☐ Proof of consumer mailing retained
  7. ☐ Ongoing mitigation & post-incident review scheduled

END OF TEMPLATE

AI Legal Assistant

Welcome to State Data Breach Notification Letter

You're viewing a professional legal template that you can edit directly in your browser.

What's included:

  • Professional legal document formatting
  • Missouri jurisdiction-specific content
  • Editable text with legal guidance
  • Free DOCX download

Upgrade to AI Editor for:

  • 🤖 Real-time AI legal assistance
  • 🔍 Intelligent document review
  • ⏰ Unlimited editing time
  • 📄 PDF exports
  • 💾 Auto-save & cloud sync