SAMPLE LETTER FROM A BREACHING ENTITY TO NOTIFY NEW YORKERS OF A SECURITY BREACH INCIDENT
Dear (name of person):
We are writing to inform you of a recent security incident at [name of organization]. This notification is sent pursuant to the New York State Information and Security Breach and Notification Act (General Business Law Section 899-aa or State
Technology Law Section 208).
[Describe what happened in general terms including the date of the security incident, specific categories of personal/
private information that were involved, what you are doing in response and inform the letter’s recipient as to what
they can do to protect themselves as indicated below.)
To protect yourself from the possibility of identity theft, we recommend that you immediately place a fraud alert on your credit files. A fraud alert conveys a special message to anyone requesting your credit report that you suspect you were a victim of fraud. When you or someone else attempts to open a credit account in your name, the lender should take measures to verify that you have authorized the request. A fraud alert should not stop you from using your existing credit cards or other accounts,but it may slow down your ability to get new credit. An initial fraud alert is valid for ninety (90) days. To place a fraud alert on your credit reports, contact one of the three major credit reporting agencies at the appropriate number listed below or via their website. One agency will notify the other two on your behalf. You will then receive letters from the agencies with instructions on how to obtain a free copy of your credit report from each.
New York residents can also consider placing a Security Freeze on their credit reports. A Security Freeze prevents most
potential creditors from viewing your credit reports and therefore, further restricts the opening of unauthorized accounts. For more information on placing a security freeze on your credit reports, please go to the New York Department of State Division of Consumer Protection website at http://www.dos.ny.gov/consumerprotection.
When you receive a credit report from each agency, review the reports carefully. Look for accounts you did not open, inquiries from creditors that you did not initiate, and confirm that your personal information, such as home address and Social Security number, is accurate. If you see anything you do not understand or recognize, call the credit reporting agency at the telephone number on the report. You should also call your local police department and file a report of identity theft. Get and keep a copy of the police report because you may need to give copies to creditors to clear up your records or to access transaction records.
Even if you do not find signs of fraud on your credit reports, we recommend that you remain vigilant in reviewing your credit reports from the three major credit reporting agencies. You may obtain a free copy of your credit report once every 12 months by visiting www.annualcreditreport.com, calling toll-free 877-322-8228 or by completing an Annual Credit Request Form at:
www.ftc.gov/bcp/menus/consumer/credit/rights.shtm and mailing to:
Annual Credit Report Request Service,
P.O. Box 1025281
Atlanta, GA 30348-5283
For more information on identity theft, you can visit the following websites:
New York Department of State Division of Consumer Protection: http://www.dos.ny.gov/consumerprotection
NYS Attorney General at: http://www.ag.ny.gov/home.html
Federal Trade Commission at: www.ftc.gov/bcp/edu/microsites/idtheft/
If there is anything [name of your organization and website] can do to further assist you, please call [name] and [phone
Please note: This sample letter from a breaching entity to notify New York residents of a security breach incident is for informational purposes only andshould not be construed as legal advice and/or as policy of the State of New York. It is recommended that you speak with a privacy professional and/or an attorney for further advice.