Navia Profit Options, a behind-the-scenes advantages administrator that handles accounts for greater than 10,000 US employers, has confirmed that hackers roamed inside its programs for practically a month earlier than anybody observed.
The corporate found suspicious exercise on Jan. 23, 2026. However when investigators dug deeper, they discovered that an unauthorized actor had been accessing and grabbing data since December 22, 2025, that means the breach went undetected for over three weeks. The entry continued till January 15, 2026.
In line with a March 18 submitting with the Maine Lawyer Basic’s Workplace, practically 2.7 million people are affected. The corporate formally places the quantity at 2,697,540 folks.
Navia is a consumer-focused advantages administrator headquartered in Renton, Washington. Many individuals impacted by this breach have probably by no means heard of the corporate, regardless that it manages their office advantages.
What information was stolen
The investigation decided that hackers exfiltrated a mixture of private identifiers and well being account particulars. In line with the corporate’s official discover to affected people, the uncovered data consists of:
- Full names
- Social Safety numbers
- Dates of delivery
- Telephone numbers
- E-mail addresses
On the well being advantages aspect, the breach uncovered data on participation in Well being Reimbursement Preparations (HRAs), Versatile Spending Accounts (FSAs), and COBRA enrollment. Navia emphasised in its notification that “no claims or monetary information had been disclosed” through the incident. A few of the data concerned date again to 2018, in keeping with reviews.
Firm response
After discovering the intrusion, Navia launched an investigation and started reviewing the safety of its programs. The corporate additionally notified federal regulation enforcement concerning the breach.
In its notification letter, Navia mentioned: “The confidentiality, privateness, and safety of non-public data is amongst Navia’s highest priorities, and we’ve safety measures in place to guard data in our care.” Navia additionally said it’s reviewing its insurance policies and procedures “associated to the storage and entry of non-public data to cut back the probability of the same future occasion.”
What ought to affected people do?
Navia started mailing notification letters to impacted people on March 18. These letters embrace an enrollment code for the free 12-month identification safety and credit score monitoring providers by Kroll. Recipients can activate their account on-line at enroll.krollmonitoring.com/redeem utilizing the code supplied within the letter.
Safety specialists suggest that anybody affected take a number of further steps:
- Place a fraud alert in your credit score recordsdata with the three main credit score bureaus, Equifax, Experian, and TransUnion. A fraud alert requires companies to confirm your identification earlier than issuing new credit score in your identify.
- Contemplate a safety freeze, which blocks anybody from accessing your credit score report completely except you elevate it. It is a stronger measure that may forestall criminals from opening new accounts utilizing stolen data.
- Monitor monetary statements and credit score reviews frequently for suspicious exercise. People can receive free credit score reviews at AnnualCreditReport.com.
- Keep vigilant about phishing makes an attempt. With Social Safety numbers and speak to data now in attackers’ fingers, focused scams might observe.
As of now, no ransomware group has publicly claimed duty for the assault. The complete scope of how the attackers accessed Navia’s programs and whether or not the stolen information is being actively used stays unclear. Investigations are nonetheless ongoing.
Additionally learn: AI rollouts, main safety breaches, and broader business shakeups are unfolding concurrently, reshaping the broader tech panorama.
