Below are structured templates for a data breach notification related to unauthorized access to a marketing email service provider account. These materials are designed for website, media, social channels, email, and customer support. They emphasize transparency, risk assessment, user guidance, and brand commitments. Replace placeholders (e.g., [Organization], [Vendor], [Contact]) before publishing.
Website Announcement (Long Form)
Title: Security Notice: Incident Involving Our Marketing Email Service
Date: 24 September 2025
Incident ID: MKT-EMAIL-2025-09-24
Summary
- On 24 September 2025, we detected unauthorized access to our third-party marketing email service provider account.
- Estimated impact: approximately 20,000 subscribers’ email addresses and associated preference tags.
- No passwords, payment information, or production systems were affected.
- Immediate actions taken: credentials reset, security auditing enabled, tokens revoked, and a joint investigation initiated with our vendor.
What Happened
On 24 September 2025, our monitoring alerted us to suspicious activity involving a vendor-managed marketing email account. A preliminary review of access logs indicates unauthorized sign-ins to the account used for managing subscriber lists and content preferences. We promptly disabled the compromised credentials, enforced multifactor authentication (MFA) on the account, enabled enhanced audit logging, and engaged the vendor’s security team for a coordinated investigation.
What Information Was Involved
- Email addresses for marketing subscribers.
- Preference tags (e.g., topics of interest, subscription segments, locale, and communication frequency).
- Not involved: passwords, payment information, government IDs, or customer support case data.
- Our production environment and transactional systems are separate and not affected by this incident based on current evidence.
Risk Assessment
- Primary risk: increased likelihood of spam or targeted phishing using subscriber email addresses and interest tags.
- No direct risk to user passwords or financial data from this incident.
- We currently have no indication of unauthorized access beyond the marketing service environment, but the investigation is ongoing.
What We Are Doing
- Credentials reset and session tokens revoked for the affected account.
- MFA enforced and privileged access reviewed for the marketing vendor account.
- Security auditing and log preservation enabled; forensic analysis underway with [Vendor].
- Strengthening third‑party access controls and least‑privilege permissions across marketing integrations.
- Reviewing message sending safeguards and domain protections to reduce email spoofing risk.
- Notifying affected individuals and, where applicable, relevant authorities in accordance with data protection laws.
- We will publish an update and a post‑incident report once the investigation concludes.
What You Can Do (Self‑Help Recommendations)
- Be vigilant for phishing: treat unsolicited emails with caution, especially those referencing your preferences or asking for credentials, codes, or payment.
- Verify communications: check sender domains, avoid clicking unknown links, and navigate to our website directly for account or preference updates.
- Report suspicious messages: forward potential phishing emails to [security@organization.com] or contact [Support Number].
- Review your subscription preferences: visit [Preference Center URL] to confirm or adjust your settings.
- General email hygiene: use strong, unique passwords on your email account, enable MFA where possible, and update spam filters.
Support and Contact
- Dedicated inbox: [privacy@organization.com]
- Hotline: [Support Number], available [Hours/Timezone]
- More information and updates: [Incident Notice URL]
Regulatory Notice
If you reside in a jurisdiction with breach notification requirements (e.g., GDPR, CPRA), we will meet applicable obligations, including notifying supervisory authorities and affected individuals where required. Contact [DPO/Privacy Office Contact] for rights requests or questions about local requirements.
Commitment to Security
We are committed to protecting your data. We are enhancing vendor controls, audit capabilities, and incident response procedures, and will share material findings and corrective actions following the investigation.
Website Announcement (Short Form/Banner)
Title: Notice: Marketing Email Data Incident
On 24 Sep 2025, our marketing email vendor account was accessed without authorization. Approximately 20,000 subscriber email addresses and preference tags were exposed. No passwords or payment information were affected. We have reset credentials, enabled security auditing, and are investigating with the vendor. Learn more and recommended steps: [Incident Notice URL]. Contact: [privacy@organization.com], [Support Number].
Media Statement / Press Release Template
Headline: [Organization] Announces Investigation into Unauthorized Access of Marketing Email Vendor Account
[City], [Date] — [Organization] detected unauthorized access on 24 September 2025 to a third‑party account used for marketing email operations. The incident affected approximately 20,000 subscribers’ email addresses and preference tags. No passwords or payment data were involved.
Upon discovery, [Organization] immediately reset credentials, enforced multifactor authentication, enabled enhanced security auditing, and initiated a joint investigation with the vendor. Current evidence indicates the incident is limited to the marketing email environment; production systems are not implicated.
“Our priority is the security and privacy of our users,” said [Title, Name]. “We are working with our provider to determine the root cause, close any gaps, and inform affected subscribers. The primary risk is targeted phishing attempts; we urge users to remain vigilant and verify messages before acting.”
[Organization] is notifying affected individuals and, where required, informing relevant authorities in accordance with data protection laws. Guidance on recognizing and reporting suspicious emails, as well as preference management, is available at [Incident Notice URL]. For questions, contact [privacy@organization.com] or [Support Number].
About [Organization]
[One‑sentence factual description.]
Media Contact
[Name, Title]
[Email, Phone]
Social Media Posts (Short)
Version 1
We detected unauthorized access to our marketing email provider on Sep 24. Approx. 20,000 subscriber emails + preference tags were exposed. No passwords/payment info affected. Steps you can take + our actions: [Incident URL]. Questions: [privacy@organization.com].
Version 2
Security notice: Marketing email vendor incident (Sep 24). Impact: ~20k emails + preference tags; no passwords or payment data. We reset credentials and are investigating with the vendor. Guidance and updates: [Incident URL]. Support: [Support Number].
Version 3 (LinkedIn-style, slightly longer)
On Sep 24, we identified unauthorized access to a third‑party marketing email account. About 20,000 subscriber emails and preference tags were exposed; no passwords or payment data were affected. We’ve reset credentials, enabled auditing, and are investigating with our vendor. Learn more, including phishing prevention tips: [Incident URL]. Contact: [privacy@organization.com].
Email Notification Templates
Audience: Impacted Marketing Subscribers
Subject Line Options
- Security Notice: Marketing Email Data Incident on 24 Sep 2025
- Important: Your Email Address May Have Been Exposed
- Action Recommended: Be Alert to Phishing Following Vendor Incident
Body
Hello [First Name],
We are writing to inform you of a security incident related to our third‑party marketing email service provider. On 24 September 2025, we detected unauthorized access to the account used to manage subscriber communications.
What information was involved:
- Your email address and associated preference tags (e.g., topics of interest).
- No passwords, payment information, or production account data were involved.
Estimated impact: approximately 20,000 subscribers.
What we have done:
- Reset credentials and revoked active sessions.
- Enforced multifactor authentication and enabled enhanced audit logging.
- Initiated a joint investigation with our vendor to determine root cause and scope.
- Reviewing third‑party access controls to prevent recurrence.
What you can do:
- Be vigilant for phishing. Do not share passwords, codes, or payment details via email.
- Verify messages are from [organization domain]; navigate directly to our website rather than using email links.
- Report suspicious emails to [security@organization.com].
- Review your preferences at [Preference Center URL].
We will provide updates at [Incident Notice URL]. If you have questions or wish to exercise privacy rights, contact [privacy@organization.com] or [Support Number]. If you reside in [Jurisdiction], we have notified [Supervisory Authority] as required.
Thank you for your attention to this matter.
Sincerely,
[Name], [Title]
[Organization]
[Contact Details]
Audience: General Customers/Stakeholders (Non‑Subscribers)
Subject Line Options
- Notice: Vendor Incident Affecting Marketing Email Data
- Security Update from [Organization]
Body
Hello,
On 24 September 2025, we detected unauthorized access to a third‑party marketing email account. Approximately 20,000 subscriber email addresses and preference tags were exposed. No passwords, payment information, or production systems were affected.
We have reset credentials, enabled security auditing, and are conducting a joint investigation with the vendor. The principal risk is targeted phishing to exposed email addresses. Guidance on recognizing and reporting suspicious emails is available at [Incident Notice URL]. For questions, contact [privacy@organization.com] or [Support Number].
Regards,
[Organization Security/Privacy Team]
Customer Support Script and FAQs
Opening
- Thank you for contacting [Organization]. We can provide details about the marketing email vendor incident identified on 24 Sep 2025. How can we assist you today?
Key Facts (Talking Points)
- Unauthorized access to our marketing email service provider account on 24 Sep 2025.
- Approx. 20,000 subscriber email addresses and preference tags exposed.
- No passwords or payment information were affected.
- Credentials were reset; MFA and audit logging enabled; investigation ongoing with vendor.
- Primary risk: phishing or spam targeting exposed email addresses.
Do’s
- Direct users to the incident page: [Incident Notice URL].
- Encourage reporting of suspicious messages to [security@organization.com].
- Help users review their subscription preferences at [Preference Center URL].
- Escalate complex or legal rights questions to [privacy@organization.com]/[DPO Contact].
Don’ts
- Do not speculate on attacker identity, method, or unverified impact.
- Do not promise compensation or remedies beyond approved policy.
- Do not confirm an individual’s inclusion on the impacted list unless identity verification is completed per policy.
Common Questions and Responses
Q: Was my password or payment info exposed?
A: No. The incident involved a marketing email account and affected email addresses and preference tags only. Passwords and payment data were not involved.
Q: What should I watch out for?
A: Be alert for phishing or unsolicited emails, especially those referencing your interests. Verify sender domains, avoid clicking unknown links, and do not share credentials or codes.
Q: Are your main systems affected?
A: Current evidence indicates the incident is limited to the marketing email environment. Our production systems remain unaffected.
Q: How will I receive updates?
A: We will post updates at [Incident Notice URL]. You may also contact [privacy@organization.com] or [Support Number].
Q: Can you remove my data from marketing lists?
A: Yes. Visit [Preference Center URL] or we can process your request after identity verification. We support unsubscribe and applicable rights requests.
Q: Have you notified authorities?
A: We comply with applicable laws. Where required (e.g., GDPR/CPRA), we notify supervisory authorities and affected individuals. Our privacy team can provide jurisdiction‑specific details.
Operational Notes for Agents
- Verify identity before discussing specific subscriber records.
- Log the inquiry under Incident ID MKT-EMAIL-2025-09-24.
- Escalate indicators of active phishing campaigns to the security team immediately.
Optional Compliance Addendum (Internal Use / Regulator-Facing)
- Incident discovery date/time: 2025‑09‑24 [UTC/local time].
- Data elements: email addresses; preference tags (non-sensitive marketing metadata).
- Estimated volume: ~20,000 records.
- Affected system: [Vendor name], marketing email account.
- Containment: credential reset, token revocation, MFA enforcement, audit logging activated, vendor engaged.
- Notifications: draft templates prepared for individuals; regulator notifications to be filed per [jurisdiction] within statutory timelines (e.g., GDPR Art. 33 within 72 hours, CPRA “without unreasonable delay”).
- Post‑incident actions: review access controls, least privilege, third‑party risk assessment, incident report publication timeline.
These templates are designed to be precise and consistent across channels, support user self‑help, and align with common regulatory expectations. Adjust placeholders and local requirements before use.
