Navia Benefit Solutions data breach exposed 2.7M people after attackers accessed systems from December 2025 to January 2026.
Navia Benefit Solutions disclosed a data breach affecting 2,697,540 individuals. The company detected suspicious activity on January 23, 2026 and quickly launched an investigation to assess the incident.
Navia Benefit Solutions is a U.S.-based company that provides employee benefits administration services to employers and their staff. Founded in 1989 and headquartered in Washington State, Navia serves thousands of employers across the U.S., offering tools and platforms to help employees manage healthcare and financial benefits more easily.
Attackers accessed its systems from December 22, 2025, to January 15, 2026. The company detected suspicious activity on January 23, revealing that sensitive personal data had been exposed during the intrusion.
Navia’s notification revealed that exposed data could include name, date of birth, Social Security number, phone number, email address, Health Reimbursement Arrangements (HRAs), Flexible Spending Accounts (FSAs), or Consolidated Omnibus Budget Reconciliation Act (COBRA). Additionally, potentially impacted data points are limited to items such as termination date and election date. No claims or financial data were disclosed.
“On January 23, 2026, Navia discovered suspicious activity related to our environment. Navia promptly responded and launched an investigation to confirm the nature and scope of the incident. The investigation determined that an unauthorized actor accessed and acquired certain information between December 22, 2025, and January 15, 2026.” reads the data breach notification. “We conducted a thorough review of the activity to determine which individuals may have been impacted by this event. We are notifying you because that investigation determined certain information related to you was impacted.”
Navia confirmed the breach did not expose claims or financial data, but warned that the leaked information could still enable phishing and social engineering attacks. The company reviewed its security measures, improved policies, and notified federal law enforcement.
The company offers affected individuals 12 months of free identity protection and credit monitoring from Kroll.
“We encourage you to remain vigilant against incidents of identity theft and fraud and to review your account statements and credit reports for suspicious activity and to detect errors.” concludes the notification. “You can review the enclosed Steps You Can Take To Help Protect Personal Information to learn helpful tips on steps you can take to protect against possible information misuse, should you feel it appropriate to do so.”
At the time of writing, no ransomware group has claimed responsibility for the security breach.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)
