Verizon Enterprise Solutions has suffered a data breach of their customer data.

"Earlier this week, a prominent member of a closely guarded underground cybercrime forum posted a new thread advertising the sale of a database containing the contact information on some 1.5 million customers of Verizon Enterprise.

The seller priced the entire package at $100,000, but also offered to sell it off in chunks of 100,000 records for $10,000 apiece. Buyers also were offered the option to purchase information about security vulnerabilities in Verizon’s Web site."

Verizon communicated to KrebsOnSecurity that "the company recently identified a security flaw in its site that permitted hackers to steal customer contact information, and that it is in the process of alerting affected customers."

More Information: http://krebsonsecurity.com/2016/03/crooks-steal-sell-verizon-enterprise-...

Staminus Communications Inc. has notified individuals of a data breach when their network was hacked and their site went down. Customer credentials, support tickets, credit card numbers and other sensitive data showed up on online download links.

More information: http://krebsonsecurity.com/2016/03/hackers-target-anti-ddos-firm-staminus/

1-800-Flowers customer service received reports on February 15, 2016 from customers that they couldn't complete their online orders. The company investigated and discovered from February 15th, 2016 through February 17th, 2016 orders that were placed may have been compromised customer personal information.

Information compromised may have included names, addresses, email addresses, payment card numbers, expirations dates and security codes.

For those that were affected can call 888-687-9294 from 9 a.m to 7 p.m EST.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60377

Billy Casper Golf has notified customers of a data breach when they were a target of email spoofing attack. Hackers were able to obtain information from individuals W-2 information. The spoofing email appeared as if it was coming from the CEO asking for all 2015 employee W2 information.

For those with questions call 877-213-5100 Monday through Friday from 9:00 a.m. to 7 p.m. EST and provide reference number 9416022816.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60368

Turner Construction notified individuals of a data breach when certain personal information was disclosed in an email to an unauthorized party.

The information included names, Social Security number, name of each state in which wages or taxes are reported, federal, state, local and Medicare earnings and tax withholding data.

The company is providing identity monitoring services through Kroll. For those affected call 1-877-451-9366.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60340

Seagate notified current and former employees of a data breach, when an employee feel for a phishing attack that exposed W2 information of employees.

"Email scam artists last week tricked an employee at data storage giant Seagate Technology into giving away W-2 tax documents on all current and past employees, KrebsOnSecurity has learned. W-2 forms contain employee Social Security numbers, salaries and other personal data, and are highly prized by thieves involved in filing phony tax refund requests with the Internal Revenue Service (IRS) and the states."

The information compromised includes all information found on a W2 form, which includes Social Security numbers.

The company is not saying exactly how many individuals were affected at this time, only that “It’s accurate to say several thousand. But less 10,000 by a good amount.”

More information: https://krebsonsecurity.com/2016/03/seagate-phish-exposes-all-employee-w...

Rosen Hotels have notified customers of a data breach when unauthorized charges occurred on payment cards after guests used their payments during their stay. The hotel discovered that an unauthorized malware was installed on their payment card network.

The information compromised included card numbers, expiration dates, and internal verification codes. Cards used from September 2, 2014 and February 18, 2016.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60301

21st Oncology notified individuals of a data breach of patient information via unauthorized access to their database.

The information compromised included names, Social Security numbers, physician's name, diagnosis and treatment information, and insurance information.

The company is offering Experian's Protect My ID to those who were affected.

More information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60307

UPDATE (3/24/2016): 3 class action lawsuits have been filed against 21st Century Oncology over a major data breach of patient data. "Patients affected by a recent computer data breach at 21st Century Oncology have filed federal class-action lawsuits, claiming the Fort Myers-based cancer-care provider failed to adequately protect sensitive medical and personal information."

More Information: http://www.news-press.com/story/news/2016/03/23/21st-century-breach-prom...

Snapchat has notified current and former employes of a phishing scam that targeted their payroll department that compromised employee information.

The information compromised included names, Snapchate employee ID, Social Security numbers, state of residence and work, 2015 wages earned, including stock-option gains, costs of company paid benefits for life and health insurance, relocation reimbursements, employee contricutions to retirement, dependent care, and healthcare plans, additional required payments and taxes withheld.

More information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60310

Central Concrete Supply Company notified employees of a data breach when they discovered a third party gained access to copies of employees W2 information along with tax withholding statements that contained personal information of the employees.

The information compromised included employer name, employee names, addresses, phone numbers, tax identification numbers, social security numbers, and income information.

The company has retained Kroll to provide identity theft protection for one year for free.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60270

Bailey's Inc. have notified  customers of a data breach when an unauthorized party access their website server, obtaining credit card information of customers who puchased items from the company's online store.

More information: http://oag.ca.gov/ecrime/databreach/reports/sb24-59802

Hollywood Presbyterian Hospital paid $17,000 in bitcoin in order to retrieve records they held for ransom against the hospital. The hackers installed a malicious ransomware on their server to hold patient records hostage so the hospital staff could not access any record.

More information: http://www.csmonitor.com/USA/Justice/2016/0218/Why-California-hospital-p...

Magnolia Health Corporation has notified individuals of a data breach when someone impersonating the CEO in an email, obtained personal information for all active employees of the health center. Magnolia Health Corporation and each of their facilities managed including Twin Oaks Assisted Living, Inc., Twin Oaks Rehabilitation And Nursing Center, Inc., Porterville Convalescent, Inc., Kaweah Manor, Inc., Merritt Manor Inc.

The personal information compromised included employee numbers, names, addresses, city, state, zip code, sex, dates of birth, Social Security numbers, hire dates, seniority dates, salary/hourly, salary/rates, departments, job titles, last dates paid, and names of facility.

More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60061

"The IRS revealed on Tuesday that it discovered and stopped an automated cyberattack on its e-filing personal identification number (PIN) system last month. According to the IRS, the cybercriminals used information stolen “elsewhere outside the IRS” to generate e-file PINs for stolen Social Security numbers (SSNs). E-file PINs are used by some taxpayers to electronically file their tax returns.

Although no personal taxpayer data were compromised or disclosed by the breach, the IRS noted that the cybercriminals succeeded in using 101,000 SSNs to access e-file PINs (out of 464,000 attempts)."

The IRS is notifying individuals and placing markers on their tax accounts to try and catch any fraudulent tax returns being filed.

More information: http://www.journalofaccountancy.com/news/2016/feb/irs-data-breach-expose...

"The Washington State Health Authority (HCA) said Tuesday that an employee mishandled the Social Security numbers, dates of birth, Apple Health client ID numbers and private health information of 91,000 Apple Health (Medicaid) clients."

The employees involved worked at two different state agencies and they exchanged files of clients which violates HIPAA. They are not clear if any of the files were disseminated beyond the two employees who exchanged the files.

More information: http://www.king5.com/story/news/health/2016/02/09/state-data-breach-impa...

Bajabound.com notified customers of a data breach when they discovered an agent's email account was compromised through a phishing attack. The company investigated the incident and the phishing was meant to collect email addresses.

The information that was compromised included names, addresses, dates of birth, driver's license numbers, and credit card numbers.

More information: http://oag.ca.gov/ecrime/databreach/reports/sb24-60000

Gyft notified customers of a data breach when they discovered unauthorized access to two cloud providers used by the company contained personal information of customers.

The information compromised included names, addresses, dates of birth, phone numbers, email addresses, and gift card numbers. Gift cards may have been used to make purchases on their site. The dates of the breach were March 19, 2015 and December 4, 2015.

For additional information on the breach go to www.myidcare.com/gyft.

More information: http://oag.ca.gov/ecrime/databreach/reports/sb24-59990

The University of Central Florida notified current and former students of a data breach when they discovered unauthorized access into the university system.

The information compromised included financial records, medical records, grades and Social Security numbers.

"We have established a call center that you can contact at 877-752-5527 between 9 a.m. and 9 p.m. EST Monday through Friday if you have questions about this incident."

The university will be providing one year free of credit monitoring to those who were affected

More information: http://www.ucf.edu/datasecurity/

Grx Holdings, LLC dba Medicap Pharmacy notified Health and Human Services of a data breach when they suffered a loss of information. There are no specifics as to what kind of loss it was or what type of information was compromised.

More information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

HMSA notified 10,800 members of a data breach when letters communicating care management went to the wrong addresses.

The information compromised included patient names, management of certain health conditions and steps individuals could take to identify or treat an ailment.

"Members are encouraged to visit hmsa.com/media-center to see copies of the letters. Members who have questions about this mailing can visit an HMSA Center or office. They can also call (808) 948-6404 on Oahu and 1 (800) 459-3963 toll-free on the Neighbor Islands or the Mainland, from 8 a.m.- 5 p.m. Hawaii Time, Monday to Friday."

More information: https://hmsa.com/media-center/2015/12/letter-error/

IA 134 notified individuals of a data breach when a laptop that belonged to the organization was connected to a network at Levi's Stadium was hacked compromising personal information.

Individual Social Security numbers may have been compromised.

More information: http://oag.ca.gov/ecrime/databreach/reports/sb24-59899

Neiman Marcus has notified individuals of a data breach when the company discovered unauthorized access to online accounts on or around December 26, 2015.

The information compromised included usernames, passwords, names, mailing addresses, phone numbers, last four digits of payment card along with purchase histories.

"The firm suspects the attacker obtained the login credentials from large breaches at other companies where login names and passwords were stolen in order to gain unauthorized access to other accounts where victims might use the same credentials. Rawlinson said, customers will be required to reset their passwords on all NMG websites the next time they log into their accounts."

More information: http://www.scmagazine.com/attacker-accesses-5200-neiman-marcus-group-cus...

Tax Slayer is notifying customers of a data breach that may have affected their 2014 tax return information. The company is stating that an unauthorized party accessed the information through a third party vendor. The company is not stating who the vendor is.

The information compromised included names, addresses, Social Security numbers, Social Security numbers of independents and other data contained in a tax return.

"The company is making $1 million worth of identity theft insurance available to those affected for one year along with credit monitoring for the same period. The company is recommending that these individuals change not only their TaxSlayer user names and passwords, but also those on any other accounts on which they are used."

More information: http://www.scmagazine.com/taxslayer-breached-8800-customers-notified-pii...

Crown Point Health Center notified Health and Human Services of a data breach when the company improperly disposed of paper health files. The specific information compromised was not communicated.

More information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

Wendy's, the fast food chain retailer, is investigating reports regarding a potential breach of their credit card systems in their restaurants. The company has hired a security expert to investigate the incidences.

The company received reports from their payment industry contacts alerting them of unusual activity and fraudulent charges after credit/debit cards were used at their locations for legitimate purchases.

A spokesperson for the restaurant chained stated, "We began investigating immediately, and the period of time we’re looking at the incidents is late last year,” he said. “We know it’s [affecting] some restaurants but it’s not appropriate just yet to speculate on anything in terms of scope.”

KrebsOnSecurity heard from banking industry sources stating a possible breach and the reports were coming mostly from financial institutions in the midwest. Krebs has also heard "similar reports from banks on the east coast".

"The Wendy’s system includes approximately 6,500 franchise and company-operated restaurants in the United States and 28 countries and U.S. territories worldwide. Bertini said most of the U.S.-operated stores are franchises."

More information: http://krebsonsecurity.com/2016/01/wendys-probes-reports-of-credit-card-...

UPDATE (3/2/3026): The Wendy's credit/debit card breach appears to be much worse then originally thought, according to credit unions.

"This is what we’ve heard from three different credit union CEOs in Ohio now: It’s more concentrated and the amounts hitting compromised debit accounts is much higher that what they were hit with after Home Depot or Target,” Berger said. “It seems to have been been [the work of] a sophisticated group, in terms of the timing and the accounts they targeted. They were targeting and draining debit accounts with lots of money in them.”

More information: https://krebsonsecurity.com/2016/03/credit-unions-feeling-pinch-in-wendy...

The County of San Diego Human Resources Department notified employees of a data breach when information involving employees Wells Fargo Health Savings Accounts. The County stated,  "data regarding County employees who elected to set up HSAs was sent to Wells Fargo.

The information compromised includes names, addresses, Social Security Number, birthdate, employee ID, primary email, work phone number, personal phone number.

More information: http://oag.ca.gov/ecrime/databreach/reports/sb24-59801

Health Equity notified individuals of a data breach when an employee inadvertently sent an email on December 11, 2015 containing personal information to another employer the company conducts business with.

The information compromised included Social Security numbers.

The company is providing identity monitoring services through Kroll for one year for free.

More information: http://oag.ca.gov/ecrime/databreach/reports/sb24-59797

RealSelf.com notified customers of a data breach when they company noticed unauthorized access to their consumer data located on their servers.

The information compromised included username, email address and passwords.

The company is encouraging customers to change their passwords which can be done by clicking on the link at https://www.realselft.com/user/forgotPassword

More information:http://oag.ca.gov/ecrime/databreach/reports/sb24-59793

California Virtual Academies (CAVA) notified individuals of a data breach to their system. On December 9, 2015 the company discovered a "vulnerability in a data storage system" belonging to a third party provider.

For those with questions call 1-805-587-0202 Monday through Friday 8:00 a.m to 5:00 p.m Pacific Standard Time.

More information: http://oag.ca.gov/ecrime/databreach/reports/sb24-59786

Community Mercy Health Partners notified Health and Human Services of a data breach when improper disposal of paper files was discovered. The specific information compromised was not communicated.

More information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

Per Health and Human Services Livongo Health suffered a breach when paper files/films were breached. There is no information as to what type of information was compromised in the breach.

More information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

The University of Virginia has notified employees of a data breach, when a cyber attack of their human resources system was discovered. The attack was initiated by a phishing email asking for usernames and passwords to their HR system and one or more employees fell for the phishing scam.

The information compromised included 1,400 W2's (which includes names, addresses, Social Security numbers,etc) of employees and direct deposit banking information of an additional 40 employees. According to the university the attackers gained access to the system sometime in early November 2014 and continued through February 2015.

The FBI led investigation has resulted in the arrest of suspects who are currently being held in custody, no names have been released.

More information: http://www.zdnet.com/article/university-of-virginia-data-breach-exposed-...

Kicky Pants (previously spelled KicKee Pants) notified customers of a data breach when the company discovered unauthorized access into their system.  The breach occurred between September 24, 2015 and December 26, 2015.

The information compromised included firs and last names, credit card numbers, expiration dates, security codes on the back of cards, billing address, telephone numbers and email addresses.

The company is offering identity theft protection services through ID Experts. They can be reached at 1-866-833-7924 Monday through Friday 6 a.m to 6 p.m Pacific Standard Time. The deadline to enroll is Aprill 22, 2016.

More information:http://oag.ca.gov/ecrime/databreach/reports/sb24-59770

An individual contacted a local TV station regarding records found in a dumpster outside a strip mall in Indianapolis Indiana. These documents were people's tax returns containing addresses, names and Social Security numbers.

The amount of individuals affected or the company that prepared the tax returns is not yet known.

More information: http://www.theindychannel.com/news/call-6-investigators/call-6-tax-docum...

An individual contacted a local news agency in Oklahoma City, Oklahoma when information on Crest Food employees was found in a dumpster at a recycling facility. The information this individual found on one employee included her application of employement, direct deposit form. Another individuals Social Security number and bank routing numbers were exposed.

The grocery store chain is currently investigation the issue with both their internal procedures and procedures with a third party vendor that they use to destroy sensitive information.

More information: http://www.news9.com/story/30995309/personal-information-found-on-discar...

Over 100 University of Northern Iowa employees reported that their tax returns had been rejected in 2014 because someone had filed a return fraudulently on their behalf, collecting their refund.

After further investigation, a 45 year old man, Bernard Ogie Oretekor has been charged with the tax indentity theft when computers belonging to Oretekor in connection with a separate investigation, uncovered the information on the employees.

It is still not clear how Oretekor gained this information on the employees.

More information: http://www.kcrg.com/content/news/Suspect-Charged-in-University-of-Northe...

The Central Marin Police have been investigating a skimming operation that as many as 20 people may have been victims of after the police received reports from individuals claiming that their credit/debit card information was compromised. The investigation revealed that skimming devices were placed on the gas pumps at the Gas and Shop station in San Anselmo.

"Police said the suspects used physical skimming devices to obtain the cards' information, and detectives have since checked all the gas pumps at the station to make sure the devices are no longer in place.

Stacks of paperwork from an employment agency was found dumped in containers at The City of Allentown Center for Recycling and Solid Waste. The files were not secure as they were placed in a public trash bin.

The information exposed included names, Social Security numbers, addresses and other information.

More information: http://www.mcall.com/news/local/watchdog/mc-employment-agency-applicatio...

Per Health and Human Services, New West Health Services, dba New West Medicare suffered a data breach when a laptop went missing. The information compromised was not disclosed.

More information:https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

The Department of Human Resources was notified by a third party that accidental disclosure of employee information was found on their website when improper redaction of documents was discovered.

The information exposed included Social Security numbers, and salary.

More information: http://www.databreaches.net/improper-redaction-exposed-virginia-employee...

The Hyatt hotel chain has notified individuals of a data breach when they discovered 250 of their 627 hotels were infected with malware that stole information, in particular, credit/debit card information.

The malware infected restaurants, spas, parking, golf shops, front desk reception.

The infection may have started as early as July 30, 2015 to December 8, 2015 and affecting hotels in US, UK, China, Germany, Japan, Italy, France, Russia and Canada.

Hyatt is offering one year of credit monitoring for free via CSID.

Click on the link for global list of sites

More information: http://www.zdnet.com/article/250-hyatt-hotels-infected-last-year-with-pa...

G&S Medical Associates, LLC suffered a data breach when a desktop computer was hacked. The type of information hacked was not disclosed by HHS.

More information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

Per Health and Human Services Blue Shield of California suffered a data breach when one of their network servers was hacked. No information was provided as to what information was compromised in the hack.

More information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

TaxAct has notified customers of a data breach when an unauthorized party or party's infiltrated their system.

"According to the letter dated January 11, TaxAct found evidence that certain accounts were entered between Nov. 10, 2015 and Dec. 4, 2015. The attacker viewed and possibly copied or printed stored tax returns and thus had access to Social Security numbers, addressed, names, driver's license numbers and bank account information."

The company has not released how many individuals were affected by this breach. They are claiming that less than 0.25 percent were affected. The company is offering one year free of credit monitoring and a $1 million dollar insurance reimbursement policy.

More information: http://www.scmagazine.com/taxact-breached-customer-banking-and-social-se...

JB Autosports, Inc. notified customers of a data breach when the system their check out page was the target of a cyberattack. The cyberattack affected customers who used their credit cards to pay for purchases from the companies website.

The information compromised included names, addresses, credit card numbers, credit card expiration dates, CID numbers, CAV2 numbers, CVC2 numbers and CVV2 numbers.

More information: http://oag.ca.gov/ecrime/databreach/reports/sb24-59575

RateMyProfessors.com notified customers of a data breach when they discovered unauthorized access to a "Decommissioned Site" which allowed the hackers to gain access to the companies live site.

The information compromised included email addresses and passwords for registered users of the site. The site does not collect payment card information, Social Security numbers, driver's license numbers or insurance numbers.

The company is requiring individuals change their username and passwords.

More information: http://oag.ca.gov/ecrime/databreach/reports/sb24-59576

Time Warner Cable discovered that their online systems were hacked compromising the username and passwords of approximately 320,000 of its customers.

"The telecommunications giant says the FBI informed it of the apparent breach. As a precaution, the company is now contacting affected customers to advise them to change their account passwords."

More information: http://www.foxnews.com/tech/2016/01/08/time-warner-cable-says-320000-cus...

According to Health and Human Services Aspire Indiana Inc. suffered a data breach when a laptop was stolen from their facitlity. They did not report as to what specific personal information was on the laptop.

More information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

Per Health and Human Services, AHRC Nassau suffered a data breach when unauthorized disclosure of files containing personal information was exposed. The specific information compromised was not communicated.

More information: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF...

People who ate at McFadden's received phone calls about fraudulent charges made to their credit card.

"The victims were told by their banks, the charges were made using a fake credit card. ABC15 found even more victims when we searched on Yelp. One writes, the manager told them they were aware of the problem, suggesting a problem with the bank."

More information: http://www.abc15.com/news/region-west-valley/glendale/mcfaddens-at-westg...