Which of the attached letters would a CEO prefer to write?

Yesterday after reading the announcement letter from Anthem’s CEO I recalled a conversation from last week with a few individuals from LifeLock.

That conversation led me to take the actual letter from Anthem’s CEO, make it generic and highlight the specific area on how an individual whose data had been compromised would be assisted – letter #1.  Letter #2 is simply modified to communicate a more positive approach than that of #1.  Making letter #2 possible is as easy as the decision to make LifeLock available to employees.

Given the magnitude of this breach and the freshness on everyone’s mind, the question of “which letter would you care to write” is a strong question to ask a decision maker.

#1

To Our (Employees),

Safeguarding your personal and financial information is one of our top priorities, and because of that, we have state-of-the-art information security systems to protect your data. However, despite our efforts, (Company) was the target of a very sophisticated external cyber attack. These attackers gained unauthorized access to (Company’s) IT system and have obtained personal information of our current and former (employees) such as names, birth dates, social security numbers, street addresses, email addresses and employment information, including income data.

Once the attack was discovered, (Company) immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation. (Company) has also retained (Company), one of the world’s leading cybersecurity firms, to evaluate our systems and identify solutions based on the evolving landscape.

(Company’s) own associates’ personal information – including my own – was accessed during this security breach. We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data.

(Company) will individually notify current and former members whose information has been accessed. We will provide credit monitoring and identity protection services free of charge so that those who have been affected can have peace of mind. We have created a dedicated website – (www.Company.com) – where members can access information such as frequent questions and answers. We have also established a dedicated toll-free number that both current and former members can call if they have questions related to this incident. That number is: (1-800-000-0000). As we learn more, we will continually update this website and share that information with you.

I want to personally apologize to each of you for what has happened, as I know you expect us to protect your information. We will continue to do everything in our power to make our systems and security processes better and more secure, and hope that we can earn back your trust and confidence in (Company).

Sincerely,

(Chief Executive Officer)
(Company)

 

#2

To Our (Employees),

Safeguarding your personal and financial information is one of our top priorities, and because of that, we have state-of-the-art information security systems to protect your data. However, despite our efforts, (Company) was the target of a very sophisticated external cyber attack. These attackers gained unauthorized access to (Company’s) IT system and have obtained personal information of our current and former (employees) such as names, birth dates, social security numbers, street addresses, email addresses and employment information, including income data.

Once the attack was discovered, (Company) immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation. (Company) has also retained (Company), one of the world’s leading cybersecurity firms, to evaluate our systems and identify solutions based on the evolving landscape.
We understand your concern and frustration, and I assure you that we are working around the clock to do everything within our power to further secure your data.

No company is immune to the continual threat and potential breach of its IT systems and must do all it can to be prepared for such an event. That is exactly the reason why in (2014), (Company) chose to (make available) the LifeLock Identity Protection Program for its employees. We will still individually notify current and former (employees) whose information has been accessed but rest assured that LifeLock will be proactively monitoring your confidential data in an effort to identify and stop misuse of your information before any damage is done. In addition to the peace of mind afforded through LifeLock, we have created a dedicated website – (www.Company.com) – where (employees) can access information such as frequent questions and answers. We have also established a dedicated toll-free number that both current and former (employees) can call if they have questions related to this incident. That number is: (1-800-000-0000). As we learn more, we will continually update this website and share that information with you.

I want to personally apologize to each of you for what has happened, as I know you expect us to protect your information. We will continue to do everything in our power to make our systems and security processes better and more secure, and hope that we can earn back your trust and confidence in (Company).

Sincerely,

(Chief Executive Officer)
(Company)