
Data Breach Notification Template

Effective February 9, 2026


Purpose

This template provides standardized formats for notifying customers of data breaches affecting our cloud services. Timeline: Within 72 hours of breach confirmation.

Our Architecture: Beekeeper Studio is a desktop database client. Customer database queries and results are processed locally. This template covers breaches of our cloud services (account data, billing, license, support, optional workspace sync). See Data Flow Diagram.

When to Use: Follow Incident Response Plan Phase 6 (Notification) when customer data in our cloud services is exposed.


Template 1: General Customer Breach Notification

Timeline: Within 72 hours of breach confirmation

SUBJECT: Security Incident Notification - Beekeeper Studio - [Date]

TO: [Customer Contact Email]
FROM: Beekeeper Studio Security Team (support@beekeeperstudio.io)
DATE: [Date of Notification]
RE: Security Incident Notification


Dear [Customer Name],

We are writing to inform you of a security incident that may have affected
your data in our cloud services.

We are providing this notification within seventy-two (72) hours of
confirming the incident. This notification contains the information
currently available; we will provide updates as our investigation continues.


1. PROVIDER CONTACT INFORMATION

Company Name: Beekeeper Studio
Contact Person: [Security Contact Name]
Title: Security Contact / Data Protection Officer
Email: support@beekeeperstudio.io
Phone: [Phone Number]
Address: [Business Address]


2. DATE OF NOTICE

Notification Date: [Date this email is sent]
Time of Notice: [Time in local time zone]


3. DATE OF BREACH

[ ] Specific Date:
    The breach occurred on: [YYYY-MM-DD at HH:MM timezone]

[ ] Estimated Date:
    We estimate the breach occurred on or around: [YYYY-MM-DD]

[ ] Date Range:
    The breach occurred between [Start Date] and [End Date]

Discovery Date: The breach was discovered on [YYYY-MM-DD at HH:MM]
Confirmation Date: The breach was confirmed on [YYYY-MM-DD at HH:MM]


4. LAW ENFORCEMENT INVESTIGATION

[ ] Notification was NOT delayed by law enforcement

[ ] Notification was delayed by law enforcement:
    - Law Enforcement Agency: [Agency Name]
    - Contact: [Agent Name and Contact]
    - Reason for Delay: [Brief explanation]
    - Delay Period: [Number of days]


5. DESCRIPTION OF THE DATA BREACH

Nature of the Breach (select all that apply):

[ ] Unauthorized Access
    An unauthorized party gained access to systems containing customer data.
    - Attack Vector: [How attacker gained access]
    - Systems Affected: [Production database, backup systems, etc.]
    - Duration of Unauthorized Access: [Time period]
    - Actions Taken by Attacker: [Data viewed, copied, modified, deleted]

[ ] Unauthorized Disclosure
    Customer data was disclosed to unauthorized parties.
    - Disclosure Method: [Email to wrong recipient, public exposure, etc.]
    - Who Received Data: [Known or unknown third party]
    - Duration of Exposure: [How long data was accessible]

[ ] Unauthorized Acquisition
    Customer data was copied or exfiltrated from our systems.
    - Data Exfiltration Method: [Download, API calls, database export, etc.]
    - Volume of Data: [Approximate number of records or file size]
    - Destination: [If known, where data was sent]

[ ] Data Integrity Compromise
    Customer data was modified or deleted without authorization.
    - Type of Modification: [Records altered, data deleted, corrupted]
    - Extent of Damage: [Number of records affected]
    - Data Recovery Status: [Restored from backup, partially recovered, etc.]

Technical Summary:
[Provide technical details appropriate for recipient's security team]

Root Cause:
[Brief explanation of how the breach occurred]


6. DATA REASONABLY BELIEVED TO HAVE BEEN INVOLVED

Data Categories Affected (check all that apply):

[ ] Account information (names, email addresses)
[ ] Hashed passwords
[ ] Workspace data (saved queries, connection configurations)
[ ] Support ticket contents
[ ] Billing metadata (no card numbers - handled by Stripe)
[ ] Application usage metadata (IP addresses, cookies)
[ ] Other: [Specify]

For NDPA customers with student data, also check from NDPA Exhibit B:
[ ] Student identifiers (school/state IDs, usernames)
[ ] Student names
[ ] Student contact information
[ ] Parent/guardian contact information
[ ] Demographics (DOB, gender, ethnicity, language)
[ ] Enrollment information (school, grade level, graduation year)
[ ] Assessment/transcript data (grades, scores)
[ ] Schedule information (courses, teacher names)
[ ] Special indicator information (ELL, disability, IEP/504)
[ ] Attendance data
[ ] Conduct/behavioral data
[ ] Communications
[ ] Student work/generated content
[ ] Transportation data
[ ] Other: [Specify]

Estimated Number of Records Affected:
- Total records: [Number or range]
- Total data elements exposed: [Number]
- Organizations affected: [List if known]


7. IDENTIFICATION OF IMPACTED INDIVIDUALS

- Customers affected: [Approximate number]
- For NDPA: Students affected: [Approximate number]
- For NDPA: Parents/Guardians affected: [Approximate number]

Individual Notification:
[ ] Customer/LEA will notify affected individuals
[ ] Beekeeper Studio will assist with notification
[ ] Beekeeper Studio will directly notify (only if agreed upon)


8. REMEDIATION ACTIONS TAKEN

Immediate Containment (Completed):
[X] Terminated attacker's access
[X] Patched exploited vulnerability
[X] Isolated affected systems
[X] Revoked compromised credentials
[X] Blocked attacker access at platform level
[X] Increased monitoring and alerting
[X] Other: [Specify]

Forensic Investigation (In Progress/Completed):
[X] Preserved evidence for investigation
[X] Analyzed attack timeline and scope
[X] Identified root cause
[X] Confirmed data exfiltrated (if any)
[X] Engaged third-party forensics firm: [Firm name, if applicable]

Long-Term Remediation (Planned/In Progress):
[ ] Enhanced security controls: [Describe]
[ ] Additional security monitoring: [Describe]
[ ] Security architecture review: [Scope]
[ ] Penetration testing: [Planned date]
[ ] Staff security training: [Planned date]

All remediation actions will be completed by [Date].


9. RESOURCES AVAILABLE TO AFFECTED INDIVIDUALS

[Include if applicable:]

Credit Monitoring: [If SSNs or financial data exposed] We are offering
[Duration] of free credit monitoring through [Provider].

Identity Theft Protection: Resources available at [URL or attachment].

Contact for Questions:
- Email: support@beekeeperstudio.io
- Phone: [Phone Number]
- Hours: [Business hours and timezone]


10. NEXT STEPS AND TIMELINE

Immediate (within 24 hours):
- Provide detailed list of affected individuals (if requested)
- Share technical details with security team (if requested)
- Schedule follow-up call

Within 7 days:
- Provide preliminary investigation report
- Confirm completion of immediate remediation

Within 30 days:
- Provide final investigation report
- Document all remediation actions completed
- Conduct post-incident review
- Share lessons learned and preventive measures

Ongoing:
- Weekly status updates until incident fully resolved
- Monthly security briefings for 6 months post-incident


11. SUPPORT AND COOPERATION

Beekeeper Studio commits to:
- Full cooperation in responding to this breach
- Transparent communication as investigation progresses
- Sharing forensic findings and evidence as requested
- Providing all required documentation for reporting obligations

We are prepared to assist with:
- Draft notification letters to affected individuals
- FAQ document for your organization to share
- Technical briefing for your security team
- Media coordination (if requested)


12. CONTACT INFORMATION

Primary Contact:
[Security Contact Name]
Security Contact / Data Protection Officer
Email: support@beekeeperstudio.io
Phone: [Phone Number]
Available: [Hours and timezone]

Executive Contact:
[CTO or CEO Name], [Title]
Email: [Email]
Phone: [Phone Number]

Legal Contact (if needed):
[Legal Counsel Name], [Law Firm]
Email: [Email]
Phone: [Phone Number]


13. ATTACHMENTS

[ ] Detailed technical incident report
[ ] List of affected individual IDs (encrypted)
[ ] Timeline of breach events
[ ] Draft notification letter for affected individuals (for review)
[ ] FAQ document


We deeply regret this incident and the impact on [Customer/LEA Name]. We
take our responsibility to protect your data with the utmost seriousness
and have taken immediate action to remediate this breach and prevent future
incidents.

We will continue to provide updates as our investigation progresses and
remain available to answer any questions or provide additional information.

Please reply to this email to confirm receipt of this breach notification.

Sincerely,

[Name]
[Title]
Beekeeper Studio
[Date]

Template 2: Follow-Up Breach Notification

Use when: Additional information becomes available after initial 72-hour notification

SUBJECT: Data Breach Update - [Customer/LEA Name] - [Date]

TO: [Customer/LEA Representative]
FROM: Beekeeper Studio Security Team
DATE: [Date]
RE: Updated Information Regarding Data Breach Notified on [Initial Notification Date]


Dear [Representative Name],

This message provides updated information regarding the data breach we
notified you about on [Initial Notification Date].

INVESTIGATION UPDATE:
[Provide new information discovered]

UPDATED SCOPE:
[If scope changed, provide updated numbers and data elements]

ADDITIONAL REMEDIATION:
[Describe any new actions taken]

REVISED TIMELINE:
[If timeline changed, provide updated milestones]

Please contact us at support@beekeeperstudio.io or [Phone] with any
questions.

Sincerely,
[Name], [Title]
Beekeeper Studio

Template 3: Customer (Non-NDPA) Data Breach Notification

Use when: Breach affects customer data but not student data covered by NDPA

SUBJECT: Security Incident Notification - [Date]

TO: [Customer Email]
FROM: Beekeeper Studio Security Team
DATE: [Date]


Dear [Customer Name],

We are writing to inform you of a security incident that may have affected
your Beekeeper Studio account.

WHAT HAPPENED:
[Brief, customer-friendly description of breach]

WHAT INFORMATION WAS INVOLVED:
[List data types - email, hashed passwords, workspace configurations, etc.]

WHAT WE'RE DOING:
[Describe remediation actions]

WHAT YOU SHOULD DO:
[Recommendations - reset password, enable MFA, monitor account, etc.]

QUESTIONS:
Contact us at support@beekeeperstudio.io

We sincerely apologize for this incident and any inconvenience it may cause.

Sincerely,
Beekeeper Studio Security Team

Notification Checklist

Before sending breach notification, verify:

  • Timing: Notification sent within 72 hours of breach confirmation
  • Recipients: Correct LEA designated representative and security contact
  • Required Elements: All 7 NDPA Section 5.4 elements included:
    1. Provider contact information
    2. Date of notice
    3. Date of breach (or estimated date/range)
    4. Law enforcement delay status
    5. General description of breach
    6. Student data involved (specific data elements)
    7. Impacted individuals identified
  • Legal Review: Notification reviewed and approved by legal counsel
  • Executive Approval: Notification approved by CTO and CEO
  • Accuracy: All information verified and accurate
  • Attachments: All referenced attachments included
  • Encryption: Sensitive attachments encrypted
  • Contact Info: All contact information accurate and monitored
  • Documentation: Copy of notification saved to incident folder
  • Delivery Confirmation: Request read receipt or delivery confirmation

Post-Notification Actions

Immediately After Sending:

  • Document exact time notification sent
  • Save sent email to incident folder
  • Create calendar reminder for follow-up
  • Brief customer support team on expected inquiries

Within 24 Hours:

  • Confirm receipt with LEA
  • Respond to any immediate questions
  • Schedule follow-up call if requested

Within 7 Days:

  • Provide any additional information requested
  • Send first status update
  • Provide preliminary investigation report

Within 30 Days:

  • Provide final investigation report
  • Complete all remediation actions
  • Conduct post-incident review

NDPA Addendum: For Educational Institutions

For educational customers under NDPA agreements, modify Template 1 as follows:

SUBJECT LINE: Add "per NDPA Section 5.4"

OPENING (replace first paragraph with):
This notification serves to inform you of a data breach covered by our
National Data Privacy Agreement (NDPA) effective [Date].

ADDITIONAL REQUIRED FIELDS:
- LEA Designated Representative (from NDPA signature page)
- Whether student data was affected
- Number of students affected (if known)
- NDPA-specific obligations being fulfilled

Template 1 already includes the NDPA student data categories in Section 6.




Document Information

Version: 2.0
Effective Date: 2026-02-09
Last Reviewed: 2026-02-09
Next Review Due: 2027-02-09
Owner: CTO / Security Contact
Approved By: CEO

Changes from v1.0: Clarified desktop app architecture, made NDPA version optional (Template 2), emphasized 72-hour timeline, added cross-references to legal documents.

Important: This is a template. Always have legal counsel review before sending actual breach notifications.