Mandiant Victim Notification Program

3 min read

If you have received notification from Mandiant about a possible breach, please read below to understand why you received the communication.

When Mandiant discovers evidence of a potential compromise through threat intelligence research, incident response, or managed defense activities, Mandiant will attempt to notify the victim. Our aim is to know more about the adversaries than anyone, and we pride ourselves on helping others to benefit from that knowledge. No matter the organization’s size or customer status, when the intelligence is deemed to be accurate, timely, relevant, and impactful, Mandiant attempts to reach out directly to notify organizations of the evidence gathered. 

Organizations do not have to be a customer to receive a victim notification.

What is the Victim Notification Program?

If we see something, we say something. The mission of the Mandiant Victim Notification Program is to leverage the full range of Mandiant expertise and intelligence to protect the global community by providing actionable threat and breach intelligence to organizations that are being targeted by advanced threat actors.

Mandiant is recognized by enterprises, governments and law enforcement agencies worldwide as the market leader in threat intelligence and expertise gained on the frontlines of cyber security. Our industry leading threat researchers, reverse engineers, intelligence analysts and incident responders spend more than 200,000 hours per year responding to attacks.   

Mandiant maintains a broad and rapid collection and analysis of relevant and actionable threat intelligence from a variety of proprietary sources. The result of this analysis provides valuable information to impacted organizations – a critical component of dynamic cyber defense and response.

Through all of this data and intelligence, Mandiant frequently identifies potential victims with whom we may not have a prior relationship. Mandiant will make a best effort to identify relevant points of contact and provide timely notification with actionable intelligence, free of charge. 

Why does Mandiant provide victim notifications?

The Mandiant corporate mission is to make every organization secure from cyber threats and confident in their readiness, whether they are a customer or not. By providing these notifications quickly, the victim organization can begin to immediately investigate the issue.  

This proactive approach of notifying organizations has numerous benefits.  Mandiant consultants provide organizations with the threat information relative to their environment and the intelligence and actions they need to investigate and secure their environments. For example, in 2021 Mandiant consultants notified 678 organizations of an eminent ransomware attack and provided guidance for prevention and actions to take for containment and remediation. In many of these cases, the ransomware attack was entirely prevented through quick actions by the victim organization. 

Victim Notifications by the Numbers
Year    Number of Notifications Attempted    
    2019         524
    2020        1924

    2605 (678 notifications related to ransomware)



Who do I contact about a victim notification that I received?

If you have received notification from Mandiant and wish to verify the authenticity or ask questions, please reach out to: