What happened
Navia Benefit Solutions disclosed a data breach affecting nearly 2.7 million individuals after an unauthorized actor accessed its systems between December 22, 2025, and January 15, 2026, with the activity discovered on January 23. The attacker accessed and potentially exfiltrated sensitive data including full names, dates of birth, Social Security numbers, phone numbers, email addresses, and benefits-related information such as FSA, HRA, and COBRA enrollment details. Navia said no claims or financial payment data were exposed but warned the stolen information could be used in phishing and identity theft campaigns.Â
Who is affected
Customers and individuals whose data was managed by Navia, including employees of over 10,000 U.S. organizations using its benefits services, are affected.Â
Why CISOs should care
The breach highlights the risks posed by third-party benefits administrators that store large volumes of sensitive personal and healthcare-related data, making them high-value targets for attackers.Â
3 practical actions
- Assess third-party data exposure. Review vendors that manage employee benefits and sensitive personal data.Â
- Monitor for identity theft and phishing risks. The exposed data includes key identifiers that can be used in social engineering attacks.Â
- Offer protection services to affected individuals. Navia is providing credit monitoring and identity protection support.Â
For more coverage of major security incidents affecting organizations worldwide, explore our reporting on Data Breaches.
John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.