Internal Staff Talking Points (Confidential) Acknowledge the Situation: "Today, we informed the public about a cybersecurity incident involving unauthorized access to our systems, which resulted in the exposure of some customer financial data. Our investigation is ongoing." Provide Clear Instructions: "Do not discuss the specifics of the incident, our security protocols, or any unverified information on personal social media or with external contacts. All external communication is being managed centrally. If you are contacted by media, investors, or customers about this, immediately direct them to the Communications Department via media@ourcompany.com." Direct to Official Channels: "Please refer all customer inquiries to our dedicated support page, [Internal Link to Microsite], and the toll-free number established for this incident. This ensures consistent and accurate information is shared." Reaffirm Values & Next Steps: "This incident is contrary to our core value of trust. Our priority is supporting our customers and securing our systems. All customer-facing staff will receive additional briefing materials. We will hold a follow-up company-wide meeting on [Date] to provide further updates." Maintain Unity: "We understand this news is concerning. Please support each other and direct any internal questions to your direct manager or HR. We are navigating this as one team, with a focus on resolving this for our customers." Public Apology/Statement Draft (For CEO/Spokesperson) [For Immediate Release] Statement from [CEO Name], CEO of [Company Name], Regarding Data Security Incident We are deeply sorry. We have experienced a sophisticated cybersecurity attack that resulted in unauthorized access to our systems and the exposure of certain customer financial information, including names, payment card numbers, and billing addresses. We recognize the gravity of this situation and the anxiety it causes. Protecting your data is a fundamental responsibility, and we have fallen short. To every customer affected, we offer our sincerest apologies. Upon discovery, we immediately engaged a leading cybersecurity forensic firm to secure our systems, terminate the unauthorized access, and conduct a comprehensive investigation. We are working in close coordination with law enforcement and the relevant financial institutions. As an immediate step to protect you, we are offering 24 months of complimentary credit monitoring and identity theft protection services to all potentially impacted individuals. Details on enrollment are available on our dedicated response website. We are committed to complete transparency throughout this process. Our investigation will determine the full scope and cause of this incident, and we will share meaningful updates on our dedicated website: [URL for Incident Microsite]. We have established a dedicated, toll-free helpline at [Phone Number] for your questions. We will learn from this event and are already implementing additional security measures to ensure it does not happen again. Our work to rebuild your trust begins today. Tailored Social Media Replies a) Reply to an angry comment: "We are truly sorry for the fear and frustration this incident has caused you. We have failed in our duty to protect your data. Please visit [Link to Microsite] for the latest information and details on the complimentary credit monitoring we are providing to help protect you." b) Reply to a concerned but polite question: "Thank you for reaching out. We are actively investigating and have secured our systems. For the most current information and to see if you were impacted, please visit our dedicated resource page here: [Link to Microsite]. We appreciate your patience." c) Reply correcting a piece of factual misinformation: "To ensure everyone has accurate information, we want to clarify that the incident did not involve exposure of Social Security numbers or banking login credentials. The full details of what was involved and our response are outlined in our official statement here: [Link to Full Statement]."