STATE DATA BREACH NOTIFICATION LETTER

Wyoming (Wyo.) Template Packet

Court-Ready, Attorney-Customizable Draft

[// GUIDANCE: This packet contains two coordinated templates—(A) notice to the Wyoming Attorney General and (B) notice to affected Wyoming consumers. Insert facts, dates, and company-specific details wherever you see a bracketed PLACEHOLDER. Remove all guidance comments prior to issuance.]

TABLE OF CONTENTS

1. Letter A – Attorney General Notification
   I. Document Header
   II. Definitions
   III. Statutorily-Required Incident Detail
   IV. Supplemental Company Disclosures
   V. Contact & Signature Block

2. Letter B – Consumer Notification
   I. Document Header
   II. Key Facts Summary
   III. What Happened
   IV. What Information Was Involved
   V. What We Are Doing
   VI. What You Can Do
   VII. Additional Resources
   VIII. Contact & Signature Block

LETTER A

NOTICE OF DATA BREACH TO THE WYOMING ATTORNEY GENERAL

(Wyo. Stat. Ann. § 40-12-502)

I. DOCUMENT HEADER

Date: [DATE]

VIA [METHOD OF DELIVERY]

Office of the Wyoming Attorney General
Consumer Protection Unit
2320 Capitol Avenue
Cheyenne, WY 82002

Re: Notice of Data Breach – [COMPANY LEGAL NAME]

II. DEFINITIONS

For purposes of this notice:
“Company” means [COMPANY LEGAL NAME], a [STATE] [ENTITY TYPE] with principal place of business at [ADDRESS].
“Incident” means the unauthorized acquisition of computerized data described below.
“PII” means “Personal Identifying Information” as that term is defined in Wyo. Stat. Ann. § 40-12-501(a)(v).

III. STATUTORILY-REQUIRED INCIDENT DETAIL

Pursuant to Wyo. Stat. Ann. § 40-12-502(b)–(e), Company provides the following information:

1. Date of Incident Discovery: [MM/DD/YYYY]
2. Estimated Date(s) of Breach: [MM/DD/YYYY – MM/DD/YYYY]
3. Type of PII Involved:
   • [Social Security numbers]
   • [Driver’s license or state ID numbers]
   • [Account or credit/debit card numbers + security code]
   • [Medical or health-insurance information]
   • [Username/email + password/credential]
4. Number of Wyoming Residents Affected: Approximately [NUMBER].
5. Method of Discovery & Scope Determination: [BRIEF DESCRIPTION].
6. Law-Enforcement Liaison:
   • Agency: [AGENCY NAME, if any]
   • Point of Contact: [NAME / PHONE / EMAIL]
   • Whether a delay was requested under § 40-12-502(c): [YES/NO].
7. Consumer Notification Timing: Written notice will be dispatched on or before [MM/DD/YYYY], which is “without unreasonable delay” and in any event not later than 45 days after discovery, consistent with § 40-12-502(b).
8. Method(s) of Consumer Notification: [First-class mail / Email under E-SIGN consent / Substitute notice].
9. Consumer-Reporting-Agency Notification: Because the breach affects more than 1,000 persons, Company will provide notice to the nationwide consumer-reporting agencies on [MM/DD/YYYY] in compliance with § 40-12-502(d).
10. Remediation & Security Enhancements Implemented: [MULTI-FACTOR AUTHENTICATION, PASSWORD RESET, ENCRYPTION UPGRADES, ETC.].
11. Credit-Monitoring/Identity-Theft Protection Offered: [YES/NO – Describe terms, duration, and how residents enroll].

IV. SUPPLEMENTAL COMPANY DISCLOSURES

A. Root-Cause Analysis (High-Level): [OPTIONAL BUT RECOMMENDED—e.g., “compromised employee credentials via phishing e-mail”].
B. Third-Party Vendors Involved: [NAMES / SERVICES] (if applicable).
C. Internal Policies Updated: [CITE OR DESCRIBE REVISED INFOSEC POLICY, INCIDENT-RESPONSE PLAN].

[// GUIDANCE: This section is not mandated by statute but demonstrates diligence and mitigates regulatory exposure.]

V. CONTACT & SIGNATURE BLOCK

Please direct any follow-up inquiries to:

[NAME], [TITLE]
[COMPANY LEGAL NAME]
[ADDRESS]
Direct: [PHONE] | Email: [EMAIL]

Sincerely,

[NAME]
[Title]
Authorized Representative of [COMPANY]

LETTER B

NOTICE OF DATA BREACH TO AFFECTED WYOMING RESIDENTS

(Required by Wyo. Stat. Ann. § 40-12-502(e))

I. DOCUMENT HEADER

Date: [DATE]

[Recipient Name]
[Recipient Address]

Re: Important Information About Your Personal Information

II. KEY FACTS SUMMARY

• What Happened: Unauthorized access to certain Company systems on [DATE].
• What Information Was Involved: [High-level description—see Section IV].
• What We Are Offering: [12/24] months of complimentary credit-monitoring and identity-theft protection.
• What You Can Do: Enroll in the offered services and review the “What You Can Do” section below.

III. WHAT HAPPENED

On [DISCOVERY DATE], Company identified suspicious activity in its network. A forensic investigation completed on [COMPLETION DATE] determined that an unauthorized actor accessed certain files containing your Personal Identifying Information between [DATE RANGE].

IV. WHAT INFORMATION WAS INVOLVED

The following information related to you may have been accessed:
[CHECK ALL THAT APPLY]
☐ Social Security number
☐ Driver’s license or state identification number
☐ Financial account number with access code
☐ Medical/health-insurance information
☐ Username and password / security question answer

V. WHAT WE ARE DOING

1. We immediately contained the Incident, engaged a leading cybersecurity firm, and notified law enforcement.
2. We enhanced network security, including [MEASURES].
3. We are offering you [FREE DURATION] of credit-monitoring and identity-theft protection at no cost. To enroll:
   • Visit: [URL]
   • Activation Code: [CODE]
   • Deadline: [MM/DD/YYYY]

VI. WHAT YOU CAN DO

• Review your account statements and credit reports for unauthorized activity.
• Place a fraud alert or security freeze on your credit files.
• Consider obtaining free annual credit reports from the three nationwide credit-reporting agencies at www.annualcreditreport.com or 1-877-322-8228.

Credit-Reporting Agencies:
Equifax – 1-800-525-6285 | PO Box 105788, Atlanta, GA 30348-5788
Experian – 1-888-397-3742 | PO Box 9554, Allen, TX 75013
TransUnion – 1-800-680-7289 | PO Box 2000, Chester, PA 19016

For more information on identity theft, visit the Federal Trade Commission at www.identitytheft.gov or call 1-877-ID-THEFT.

VII. ADDITIONAL RESOURCES

Under Wyoming law, you have the right to obtain a police report regarding this Incident and to place a security freeze on your credit report at no charge. Instructions are available from each credit-reporting agency listed above.

VIII. CONTACT & SIGNATURE BLOCK

If you have questions, please contact our dedicated assistance line at [PHONE] (Monday–Friday, 8 a.m.–8 p.m. Mountain Time) or email us at [EMAIL].

We regret any inconvenience this Incident may cause and remain committed to safeguarding your information.

Sincerely,

[NAME]
[Title]
[COMPANY LEGAL NAME]

APPENDIX: STATUTORY REFERENCE

This notice is provided pursuant to the Wyoming “Computer Crimes and Personal Identification Security” Act, Wyo. Stat. Ann. § 40-12-502 (2023).

[// GUIDANCE:
1. Timing – Wyoming requires notice “without unreasonable delay,” typically interpreted as ≤45 days absent a documented law-enforcement delay.
2. AG Notice – Wyoming statute does not expressly mandate Attorney General notification; however, many entities provide courtesy notice, and the AG may request details. Modify Letter A if electing not to notify.
3. Consumer-Reporting-Agency Notice – Mandatory if ≥1,000 individuals nationwide are notified.
4. Maintain evidence of dispatch dates and copies of final letters for at least five (5) years to demonstrate compliance.
5. Confirm that any offered credit-monitoring meets FTC guidance for scope and duration.]