Data breaches of companies in various industry segments have seen a significant increase over the past decade. Consumer data ranging from emails and bank account information to health information has been compromised through such data breaches that have raised grave information security and privacy concerns among the users and the organizations alike. Companies that are experiencing these data breaches have an obligation to communicate information about these incidents to their stakeholders and they do so through their financial reports. In this article, we analyze financial reports from a text analysis standpoint to identify key trends and formulate theoretical propositions. In that regard, we build on legitimacy theory as a foundation, and consider several factors such as the size of the data breach, type of information compromised, and coverage in the media.