Navia discloses data breach impacting 2.7M people

bleepingcomputer.com · 01-_- · 7 days ago · view on HN · authentication
0 net
Tags
account-takeover malware microsoft node phishing
Navia discloses data breach impacting 2.7 million people Home News Security Navia discloses data breach impacting 2.7 million people Navia discloses data breach impacting 2.7 million people By Bill Toulas March 19, 2026 04:43 PM 0 Navia Benefit Solutions, Inc. (Navia) is informing nearly 2.7 million individuals of a data breach that exposed their sensitive information to attackers. An investigation into the incident revealed that the hackers had access to the organization's systems between December 22, 2025, and January 15, 2026. However, the company discovered the suspicious activity on January 23. Navia says that it responded immediately and launched an inquiry to determine the potential impact of the incident. “The investigation determined that an unauthorized actor accessed and acquired certain information between December 22, 2025, and January 15, 2026,” the company says in the notification to impacted individuals. Navia is a consumer-focused administrator of benefits that provides services to more than 10,000 employers across the U.S. The company provides software and customer services for the administration of Flexible Spending Accounts (FSA), Health Savings Accounts (HSA), Health Reimbursement Arrangements (HRA), Commuter Benefits and COBRA Services. It also helps handle commuter benefits, lifestyle accounts, education benefits, compliance/risk services, and retirement-related offerings. According to the company, the investigation into the breach revealed that the hacker accessed and may have exfiltrated the following types of data: Full name Date of birth Social Security Number (SSN) Phone number Email address Participation in HRA (Health Reimbursement Arrangements) FSA (Flexible Spending Accounts) information Consolidated Omnibus Budget Reconciliation Act (COBRA) enrollment information Navia underlines that the data breach did not expose details about claims or financial information. Nevertheless, the exposed data is enough for threat actors to deploy phishing and social engineering attacks aimed at affected individuals. The company states that it has reviewed its security posture and data retention policies to identify potential weaknesses that can be improved, and has notified federal law enforcement about the incident. Customers whose information was exposed will be covered by a free 12-month identity protection and credit monitoring service from Kroll. Letter recipients are also encouraged to consider placing a fraud alert and security freeze on their credit files. At the time of writing, no ransomware group has claimed the Navia data breach. Red Report 2026: Why Ransomware Encryption Dropped 38% Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight. Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded. Download The Report Related Articles: Canadian retail giant Loblaw notifies customers of data breach European DYI chain ManoMano data breach impacts 38 million customers Volvo Group North America customer data exposed in Conduent hack Aura confirms data breach exposing 900,000 marketing contacts Medical device maker UFP Technologies warns of data stolen in cyberattack Customer Data Data Breach Navia Notification Security Breach Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. Previous Article Next Article Post a Comment Community Rules You need to login in order to post a comment Not a member yet? Register Now You may also like: Popular Stories CISA urges US orgs to secure Microsoft Intune systems after Stryker breach Max severity Ubiquiti UniFi flaw may allow account takeover GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX Sponsor Posts Secure your AI agents without sacrificing speed. Are refund fraud methods targeting your brand? You can monitor the underground for these threats. Overdue a password health-check? Audit your Active Directory for free Cyber resilience without the complexity. Join Zero Networks to stop lateral movement fast. Uncover shadow AI apps, users, and risky data sharing. Get started in 5 min. Login Username Password Remember Me Sign in anonymously Sign in with Twitter Not a member yet? Register Now Reporter Help us understand the problem. What is going on with this comment? Spam Abusive or Harmful Inappropriate content Strong language Other Read our posting guidelinese to learn what content is prohibited. Submitting... SUBMIT
← Back to stories