When your email account gets hacked, the clock starts ticking. Not only do you need to secure your account and assess the damage, but you also need to communicate effectively with everyone who was affected. Whether contacts received phishing emails from your compromised account, customers had their data exposed, or you simply need to alert your service provider, having the right words ready can make the difference between minimizing damage and losing trust. This guide provides practical sample letters for hacked email scenarios, along with best practices for handling the aftermath of an email security incident.
Proactive AI-powered threat detection can help identify suspicious login attempts before damage occurs, while automated monitoring systems can alert you the moment unusual activity is detected.
Immediate Response: What to Do First
When you discover your email has been compromised, taking immediate action is essential to limit damage and protect those affected. Start by changing your password immediately and enabling two-factor authentication if not already active. Review your account settings for any unauthorized changes, such as forwarding rules, recovery email addresses, or auto-responders that the hacker may have set up. Check your sent folder to understand what messages were sent from your account--this will help you identify who needs to be notified. Scan your devices for malware using reputable security software, as the breach may have originated from a compromised device rather than a weak password.
Notifying Your Contacts
One of the most important steps after an email hack is informing everyone who received messages from your compromised account. Many recipients may have received phishing attempts, requests for sensitive information, or links to malicious websites. A prompt, honest notification helps prevent others from falling victim to scams that appear to come from you.
- Secure Your Account -- Change your password immediately and enable two-factor authentication
- Review Account Settings -- Check for unauthorized forwarding rules, recovery emails, or auto-responders
- Document the Breach -- Take screenshots and record when the compromise was discovered
- Check Sent Messages -- Review the sent folder to identify what emails were sent from your account
- Scan for Malware -- Run security scans on all devices that access the compromised account
- Contact Provider -- Report the incident to your email service provider's support team
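As an added example (not part of the original guide), the Python script below performs the "Review Account Settings" and "Check Sent Messages" steps against exported data: it flags settings an intruder commonly plants to keep access after a password reset, and it produces the recipient list and date range that the notification letter needs. The settings layout, addresses, dates and compromise window are constructed assumptions, not any provider's real export format.

```python
from datetime import datetime, timezone
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

OWN_DOMAIN = "example.com"  # assumed: the account owner's legitimate domain

# Constructed settings export; the dict layout is hypothetical, not a real provider's format.
SETTINGS = {
    "forwarding_rules": [{"to": "archive@example.com"}, {"to": "drop@attacker.example"}],
    "recovery_email": "recover@attacker.example",
    "auto_responder": {"enabled": True},
}

# Constructed sent-folder export: minimal raw messages with only the headers the triage needs.
SENT_FOLDER = [
    "To: alice@partner.example\nDate: Mon, 03 Jun 2024 09:12:00 +0000\n\nsent by owner",
    "To: bob@client.example\nCc: carol@client.example\nDate: Tue, 04 Jun 2024 02:40:00 +0000\n\nsent by intruder",
    "To: dave@vendor.example\nDate: Tue, 04 Jun 2024 03:05:00 +0000\n\nsent by intruder",
    "To: erin@partner.example\nDate: Thu, 06 Jun 2024 10:00:00 +0000\n\nsent by owner",
]

# Compromise window, e.g. taken from the provider's login history (constructed dates).
WINDOW = (datetime(2024, 6, 4, tzinfo=timezone.utc), datetime(2024, 6, 5, tzinfo=timezone.utc))

def audit_settings(settings, own_domain=OWN_DOMAIN):
    """List settings an intruder commonly plants to keep access after a password reset."""
    findings = []
    for rule in settings.get("forwarding_rules", []):
        if not rule["to"].lower().endswith("@" + own_domain):
            findings.append("external forwarding rule -> " + rule["to"])
    recovery = settings.get("recovery_email", "")
    if recovery and not recovery.lower().endswith("@" + own_domain):
        findings.append("recovery address changed -> " + recovery)
    if settings.get("auto_responder", {}).get("enabled"):
        findings.append("auto-responder enabled")
    return findings

def recipients_to_notify(raw_messages, start, end):
    """Return (sorted unique recipients, earliest, latest) for mail sent inside [start, end]."""
    recipients, times = set(), []
    for raw in raw_messages:
        msg = message_from_string(raw)
        sent = parsedate_to_datetime(msg["Date"])
        if start <= sent <= end:
            times.append(sent)
            for _, addr in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", [])):
                recipients.add(addr.lower())
    return sorted(recipients), min(times, default=None), max(times, default=None)
```

The earliest and latest timestamps returned are the values to fill into the [date range] placeholder of the contact notification, and every address in the list is someone who should receive it.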
Sample Letter: Notification to Email Contacts
Template for Notifying Personal or Business Contacts
Subject Line: Important: My Email Account Was Compromised -- Please Disregard Recent Emails
Dear [Contact Name],
I want to inform you about a security incident affecting my email account. On [date], I discovered that my email account had been accessed without authorization. As a result, some emails sent from my account during this period may not have been sent by me.
I have already taken steps to secure the account, including changing my password and enabling additional security measures. However, if you received any unusual emails from me around [date range], please do not click on any links or provide any personal information in response to those messages.
If you did respond to any suspicious emails or click on links, I recommend:
- Running a malware scan on your computer
- Changing any passwords that may have been exposed
- Monitoring your accounts for unusual activity
I sincerely apologize for any concern or inconvenience this may have caused. If you have any questions or noticed anything suspicious, please don't hesitate to reach out to me directly.
Best regards,
[Your Name]
[Contact Information]
Key Elements Explained
The subject line uses clear, direct language that encourages recipients to open the message immediately--this urgency can prevent them from falling for subsequent phishing attempts. The opening sentence clearly states what happened without unnecessary technical jargon. By specifying the date range of the compromise, you help recipients determine which emails might be suspicious. The action items are concrete and actionable, giving readers clear next steps rather than leaving them uncertain. The closing conveys personal responsibility and leaves the door open for questions, maintaining relationships despite the incident.
Sample Letter: Customer or Client Notification
Template for Business Contexts
Subject Line: Security Notice Regarding [Company Name] Email System
Dear [Customer/Client Name],
I am contacting you to inform you of a security incident involving our company's email system. On [date], we discovered that an unauthorized party had gained access to [Company Name] email accounts, including the account associated with your communications with us.
What happened: An unauthorized individual accessed certain company email accounts between [start date] and [end date]. During this period, emails sent from our system may have included links to external websites or requests for information.
What information may have been affected: Depending on the emails in our system, this could include [describe general categories: names, email addresses, perhaps transaction details if applicable].
What we are doing: We have [list actions taken: engaged cybersecurity experts, notified law enforcement, implemented additional security measures, etc.].
What you should do: If you received any emails from us between [dates] that asked you to provide passwords, financial information, or click on links, please:
- Do not respond to those emails or click any links
- If you did click a link or provide information, change your password immediately
- Contact us at [dedicated email/phone] if you have concerns
We take the security of your information seriously and are committed to preventing future incidents. We will provide updates as our investigation continues.
For questions, please contact: [Dedicated contact information]
Sincerely,
[Name]
[Title]
[Company Name]
Legal and Regulatory Considerations
Depending on your jurisdiction and the nature of the data potentially exposed, you may have legal obligations to notify authorities and affected individuals. Under the General Data Protection Regulation (GDPR), organizations must report personal data breaches to supervisory authorities within 72 hours of becoming aware of the incident, unless the breach is unlikely to result in a risk to individuals' rights and freedoms. For breaches that pose a high risk, affected individuals must also be notified directly. Similar requirements exist under various U.S. state laws, Canada's PIPEDA, and other privacy regulations.
| Regulation | Notification Timeline | Authority Notice | Individual Notice |
|---|---|---|---|
| GDPR (EU) | 72 hours if risk to individuals | Required for all breaches | Required for high-risk breaches |
| CCPA (California) | Without unreasonable delay | Required | Required |
| PIPEDA (Canada) | As soon as feasible | Required | Required |
| HIPAA (US Healthcare) | 60 days | Required (HHS) | Required |
| State Laws (Vary) | Varies by state | Often required | Often required |
Recovery and Prevention: What to Include in Communications
Steps to Prevent Future Incidents
Your communication after an email hack should not only address the immediate incident but also demonstrate your commitment to preventing future breaches. This builds trust and shows stakeholders that you take security seriously. Discuss the specific measures you're implementing:
- Two-factor authentication -- Adding an extra layer of security beyond passwords
- Advanced threat detection -- Implementing AI-powered spam and phishing filters to identify and block suspicious messages before they reach inboxes
- Regular security audits -- Conducting periodic reviews of account activity to identify anomalies
- Staff training programs -- Educating the team on security awareness and phishing recognition
- Third-party assessments -- Engaging external security experts for comprehensive evaluation
By leveraging AI and automation services, organizations can implement intelligent threat detection systems that continuously learn from new attack patterns and provide proactive protection against evolving email security threats.
- Credit Monitoring -- Complimentary services if financial information was potentially exposed
- Dedicated Hotline -- Phone line or email for questions about the incident
- Identity Protection Guide -- Resources on protecting against identity theft
- Regular Updates -- Commitment to communicate as the investigation progresses
Best Practices for Hacked Email Communication
Tone and Transparency Guidelines
When communicating about a security incident, your tone should balance professionalism with genuine concern. Avoid being defensive or dismissive--acknowledge the inconvenience and potential risk created by the incident. Be as transparent as possible about what happened without revealing information that could aid attackers or compromise ongoing investigations. Use plain language rather than technical jargon that might confuse readers.
Key principles:
- Take responsibility without excuse-making
- Be honest about what you know and don't know
- Use clear, accessible language
- Express genuine empathy for affected parties
- Provide realistic timelines for updates
Timing and Follow-Up
Prompt communication is essential--ideally, you should notify affected parties within 24-48 hours of discovering a breach. After your initial notification, provide follow-up communications as new information becomes available, even if it's simply confirming that the situation remains under investigation.
For organizations seeking to strengthen their overall web security posture, implementing comprehensive email protection alongside website security creates multiple layers of defense against cyber threats.
Communication Timeline Best Practices
- 24-48 hours -- Initial notification target
- 72 hours -- GDPR authority deadline
- Weekly -- Update frequency during investigation
- Final -- Resolution notification
Quick Reference Templates
Short-Form Social Media Announcement
"Our email account was recently compromised. If you received unusual messages from us on [dates], please disregard them and don't click any links. We've secured the account and added extra protection. Contact us at [email] with questions."
Internal Team Notification
Subject: Security Incident -- Email Account Compromise
Team,
I want to inform you that [my account was compromised/our company's email system was breached] on [date]. [Brief description of what happened and when discovered].
If you sent or received emails during this period, please be aware that some messages may not have been authentic. Forward any suspicious emails to [security contact] and delete them from your inbox.
We have implemented [security measures taken]. All team members should [actions required: change passwords, enable 2FA, etc.].
Contact me directly if you have questions.