The IT department of XYZ Corporation has detected a cyber attack on their network. The attack has resulted in the theft of sensitive customer information, including credit card numbers and social security numbers. The CISO is responsible for communicating the breach to affected customers. Which of the following actions should the CISO take to effectively communicate the breach to customers?