T-Mobile announced in a Form 8-K last month that it had suffered a cybersecurity breach that could present “significant,” yet probably not material, costs to the company. The disclosure included a swath of information — including details on the types of files accessed by bad actors, where hackers probably got into T-Mobile’s systems and a nod toward the company’s cybersecurity investments.

Sources say that boards are carefully mulling over what information their company wants to reveal in these federal filings, especially as the Securities and Exchange Commission puts the finishing touches on its proposed rule on cyber-breach disclosure.

At least five S&P 500 companies filed Form 8-Ks last year alerting the public of a cybersecurity incident or attack, according to data from public company intelligence provider MyLogIQ. An Agenda analysis reveals a wide range of information that companies are putting into the filings.