Threat Intelligence
SkeletonXE - Responding to the CISCO Vulnerability (CVE-2023-20198)
November 7, 2023
by George Glass, Ryan Hicks
Data Breach Notification Letters
Kroll will work with your team to implement a personalized, plain-language notification letter that provides pertinent information and maintains message control.
Contact UsExplore Cyber and Data Resilience
The art of crafting a notification letter is one that can sometimes be taken for granted – and yet it is your primary communication with stakeholders regarding your data security incident, making it of great significance in controlling your message and quelling breach population fears. There are many nuances, but any good letter will include some basic information:
- All notification letters, within the confines of what’s allowed by law, contain some explanation of the event. Of course, what happened may not be uniform across an entire population – a breach may have distinct recipient populations requiring different letters. This could be based not only upon what was lost or exposed for each group, but also demographic makeup or state-by-state regulatory requirements.
- Contact information will direct individuals to Kroll's call center or another designated source for further information about the breach or identity theft threat that may be present.
- Many state laws require organizations to include information on standard consumer protection rights, such as how to place a fraud alert or credit freeze.
- An organization may choose to include information on what steps are being taken to protect stakeholders’ sensitive information. This may also include information on identity monitoring services that are being provided to the affected population.
Your Kroll team will work with you and your legal counsel to draft a personalized, plain-language communication that provides information about your data breach event, as well as the solutions being offered. We’ll segment your letters by state to address unique regulatory stipulations and will optimize delivery routes to help you meet required deadlines.
Once the letter has been drafted, Kroll will also be on hand to assist with the logistics of mailing, and preparing for responses from your affected population. We will work closely with your team to optimize speed and deliverability, while also reducing unnecessary notification costs. Kroll’s team can work with you to:
- Standardize and scrub your mailing list for optimal delivery
- Assemble the most up-to-date contact information based on the National Change of Address database to improve delivery outcomes
- Eliminate duplicate entries
- Provide you with comprehensive reports that demonstrate and document your best effort to locate, notify and serve those people affected by your event
- Help you compile contact information for incomplete or missing addresses
- Manage returned mail
Once this is completed, we can review your mailing list and separate the groups that require special handling, such as: children, adults, expatriates or decedents. We can separate these categories, identifying which individuals might have special considerations for consumer services, or groups that are at a higher risk based on information lost.
Cyber and Data Resilience
Incident response, digital forensics, breach notification, security strategy, managed security services, discovery solutions, security transformation.
Incident Response and Litigation Support
Kroll’s elite security leaders deliver rapid responses for over 3,000 incidents per year and have the resources and expertise to support the entire incident lifecycle, including litigation demands. Gain peace of mind in a crisis.
Computer Forensics
Kroll's computer forensics experts ensure that no digital evidence is overlooked and assist at any stage of an investigation or litigation, regardless of the number or location of data sources.
Kroll Responder
Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.
Virtual CISO (vCISO) Advisory Services
Kroll’s Virtual CISO (vCISO) services help executives, security and technology teams safeguard information assets while supporting business operations with augmented cyber expertise to reduce business risk, signal commitment to data security and enhance overall security posture.
Ransomware Preparedness Assessment
Kroll’s ransomware preparedness assessment helps your organization avoid ransomware attacks by examining 14 crucial security areas and attack vectors.
Cyber Risk Retainer
Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.
SkeletonXE - Responding to the CISCO Vulnerability (CVE-2023-20198)
Cyber
Critical Unauthenticated SQL Injection Vulnerability Patched in WooCommerce
August 16, 2021
by Roman Guillermo, George Glass, Cristhian Parrot
Cyber
EPHEMERAL LOCKPICKER: Malware Leveraged for Novel Intrusion Lifecycle and LuckyDay Ransomware Delivery
May 10, 2021
by Josh Mitchell, Mario Ciccarelli
Cyber
Whitepaper - Data Breaches in the Healthcare Industry
November 19, 2020
Kroll is headquartered in New York with offices around the world.
One World Trade Center
285 Fulton Street, 31st Floor
New York NY 10007
Sign up to receive periodic news, reports, and invitations from Kroll.
Our privacy policy describes how your data will be processed.
© 2025 Kroll, LLC. All rights reserved.
Kroll is not affiliated with Kroll Bond Rating Agency,
Kroll OnTrack Inc. or their affiliated businesses. Read more.