Templates Legal Letters Correspondence State Data Breach Notification Letter
Virginia Legal Letters Correspondence
Blank Document PRO
From Template
Upload Document Word (.docx) & Markdown files
PRO
State Data Breach Notification Letter
Ready to Edit
State Data Breach Notification Letter - Free Editor

Commonwealth of Virginia

Data Breach Notification Packet

(Attorney General & Consumer Notice Templates)

[// GUIDANCE: This packet contains two letter templates—one for mandatory notice to the Virginia Office of the Attorney General (“OAG”) and one for notice to affected Virginia residents. Each template already incorporates key requirements of Va. Code Ann. § 18.2-186.6 and current industry best practices. Bracketed text should be completed or tailored before issuance.]

TABLE OF CONTENTS

  1. Attorney General Notification Letter Template
  2. Consumer Notification Letter Template
  3. Attachment A – Sample Identity-Theft Prevention Resources
  4. Attachment B – Sample Credit Reporting Agency Contact Sheet

1. ATTORNEY GENERAL NOTIFICATION LETTER TEMPLATE

[LETTERHEAD OF [COMPANY LEGAL NAME]]
[Street Address] | [City, State ZIP] | [Telephone] | [Email]

[Date]

The Honorable [Name of Attorney General]
Office of the Attorney General of Virginia
202 North Ninth Street
Richmond, VA 23219

Re: Notice of Data Breach Pursuant to Va. Code Ann. § 18.2-186.6

Dear Attorney General [Last Name]:

  1. INTRODUCTION
    Pursuant to Va. Code Ann. § 18.2-186.6, [Company Legal Name], a [state] [corporation/LLC/etc.] (“Company”), provides this notice regarding a breach of the security of computerized data involving personal information of Virginia residents.

  2. INCIDENT OVERVIEW
    a. Date(s) of Incident: [mm/dd/yyyy – mm/dd/yyyy]
    b. Date Breach Determined: [mm/dd/yyyy]
    c. Nature of Incident: [Brief, factual description (e.g., unauthorized access to cloud-based email environment via phishing)].
    d. Type of Personal Information Involved: [✓ Social Security numbers; ✓ driver’s-license numbers; ✓ financial-account numbers, etc.].
    e. Number of Virginia Residents Affected: [Numeric total].
    f. Law-Enforcement Involvement: [Yes/No]. If yes, provide agency name, point of contact, and any requested delay authority.

  3. CONTAINMENT & REMEDIATION
    The Company took the following steps upon discovery:
    • Isolated affected systems within [X] hours;
    • Engaged third-party forensic experts on [mm/dd/yyyy];
    • Implemented password resets, multi-factor authentication, and enhanced endpoint detection;
    • Established dedicated call center and credit-monitoring offering for impacted individuals.

  4. CONSUMER NOTIFICATION
    a. Notification Method(s): [First-class mail / email per E-SIGN consent / substitute notice].
    b. Notification Timing: Scheduled to commence on or before [mm/dd/yyyy], which is without unreasonable delay from determination of the breach and consistent with any law-enforcement hold.
    c. Sample Notification: Enclosed as Attachment C.

  5. OTHER NOTIFICATIONS
    • Consumer Reporting Agencies (because ≥ 1,000 residents affected) were/will be notified on [mm/dd/yyyy].
    • Any relevant federal regulators (e.g., FTC, HHS) were/will be notified as applicable.

  6. CONTACT INFORMATION
    Please direct any questions to:
    [Name, Title]
    [Telephone] | [Email]

Respectfully submitted,

[AUTHORIZED SIGNATORY NAME]
[Title]
[Company Legal Name]

2. CONSUMER NOTIFICATION LETTER TEMPLATE

[LETTERHEAD OF [COMPANY LEGAL NAME]]
[Street Address] | [City, State ZIP] | [Toll-Free Hotline] | [Email]

[Date]

[Recipient Name]
[Street Address]
[City, State ZIP]

Subject: IMPORTANT INFORMATION ABOUT YOUR PERSONAL DATA

Dear [Mr./Ms.] [Last Name],

  1. WHAT HAPPENED?
    On [mm/dd/yyyy], we discovered that an unauthorized party accessed certain Company systems between [mm/dd/yyyy] and [mm/dd/yyyy]. Upon learning of the incident, we immediately secured our systems, engaged independent cybersecurity experts, and initiated a thorough investigation.

  2. WHAT INFORMATION WAS INVOLVED?
    The investigation determined that the following types of your personal information were involved:
    • [Social Security number]
    • [Driver’s-license or state ID number]
    • [Financial-account or payment-card number + any required access code/PIN]
    No passwords or security questions/answers were involved [if applicable].

  3. WHAT WE ARE DOING
    • We have contained the incident and enhanced our security protocols, including [describe].
    • We are offering you [12/24] months of complimentary [NAME OF SERVICE] identity-theft protection and credit-monitoring services through [Provider Name]. ‌Instructions to enroll are enclosed.
    • We notified the Virginia Office of the Attorney General and major consumer reporting agencies, as required by law.

  4. WHAT YOU CAN DO
    We recommend that you:
    • Enroll in the complimentary identity-protection services.
    • Review the “Steps You Can Take to Protect Your Information” in Attachment A, which includes guidance on obtaining free credit reports, placing fraud alerts, and freezing your credit.
    • Remain vigilant and promptly report any suspicious activity to us and the relevant financial institution.

  5. FOR MORE INFORMATION
    If you have questions, please contact our dedicated response team at [Toll-Free Number] between [hours] or visit [website]. ‌When calling, please reference code: [Unique Incident Code].

We regret any inconvenience this incident may cause and remain committed to protecting your information.

Sincerely,

[AUTHORIZED SIGNATORY NAME]
[Title]
[Company Legal Name]

3. ATTACHMENT A – STEPS YOU CAN TAKE TO PROTECT YOUR INFORMATION

[// GUIDANCE: The following language reflects current best practices recommended by the FTC and national credit bureaus. ‌Tailor as needed.]

  1. Review Your Account Statements and Credit Reports
    • Obtain free credit reports at www.AnnualCreditReport.com or 1-877-322-8228.
    • Check for unfamiliar activity and report discrepancies immediately.

  2. Fraud Alerts
    • Contact any one of the three nationwide credit bureaus to place a fraud alert; the bureau you contact must notify the others.
    Experian – 888-397-3742
    TransUnion – 800-680-7289
    Equifax – 800-525-6285

  3. Credit Freezes
    • A credit freeze restricts access to your credit report. ‌It is free and can be placed online or via telephone with each bureau.

  4. Federal Trade Commission & Law Enforcement
    • If you suspect identity theft, file a report with the FTC at IdentityTheft.gov and consider filing a police report.

4. ATTACHMENT B – CONSUMER REPORTING AGENCY CONTACT SHEET

Bureau Online Freeze Phone Mail Address
Equifax www.equifax.com/personal/credit-report-services 800-349-9960 Equifax Security Freeze, P.O. Box 105788, Atlanta, GA 30348
Experian www.experian.com/freeze/center.html 888-397-3742 Experian Security Freeze, P.O. Box 9554, Allen, TX 75013
TransUnion www.transunion.com/credit-freeze 888-909-8872 TransUnion LLC, P.O. Box 160, Woodlyn, PA 19094

[// GUIDANCE: A “Sample Notification” referenced in the AG letter can be a duplicate of the Consumer Notification Letter above or a redacted version with PII removed.]

LEGAL FOOTNOTE

This notification is made pursuant to Va. Code Ann. § 18.2-186.6 (2023) and any other applicable federal or state data-breach laws. ‌Nothing in this correspondence constitutes an admission of liability or wrongdoing.

AI Legal Assistant

Welcome to State Data Breach Notification Letter

You're viewing a professional legal template that you can edit directly in your browser.

What's included:

  • Professional legal document formatting
  • Virginia jurisdiction-specific content
  • Editable text with legal guidance
  • Free DOCX download

Upgrade to AI Editor for:

  • 🤖 Real-time AI legal assistance
  • 🔍 Intelligent document review
  • ⏰ Unlimited editing time
  • 📄 PDF exports
  • 💾 Auto-save & cloud sync