After remediating an incident that resulted in unauthorized access to customer data, which of the following is the BEST method to communicate the incident's details to the affected customers?
Distribute the internal incident report to customers as it contains the most technical details.
Send an official notification to affected customers detailing the incident and recommended steps for them to take.
Tweet an alert from the company's official account advising customers to change their passwords.
Post a detailed description of the incident and its remediation steps on the company blog.
When communicating a security incident to customers, especially one that involves unauthorized access to their data, an official notification provides transparent, direct, and legally appropriate information. It is important these communications are clear, factual, and often they need to comply with data breach notification laws. The notification typically includes what happened, what information was involved, what the company has done to address the breach, and what actions customers can take to protect themselves. A blog post might not be formal or targeted enough, a tweet is too informal and limited in detail, and internal documentation is not intended for customers.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What should be included in an official notification to affected customers?
Open an interactive chat with Bash
What are data breach notification laws and why do they matter?
Open an interactive chat with Bash
Why is a blog post or tweet insufficient for communicating a security incident?