Navia Benefit Solutions data breach impacted over 2.6 million individuals

American health and financial benefits provider Navia Benefit Solutions said it suffered a significant data breach between December and January that compromised the personal information of over 2.6 million individuals.

 

Navia Benefit Solutions announced the data breach in an data security incident notice filed with the office of the Attorney General of Maine on Friday, stating that it discovered the incident on January 23, a week after hackers gained access to its network and exfiltrated large amounts of information stored in its systems.

 

Navia Benefit Solutions offers comprehensive health and financial benefits services to employees of more than 10,000 businesses across the U.S., providing comprehensive benefits administration, retirement, CDH, finance, lifestyle, and compliance solutions. 

 

The company said in its statutory filing that after discovering unauthorised activity in its network on January 23, it launched an investigation to determine the nature and scope of the incident. The investigation determined that unauthorised actors accessed its systems between December 22, 2025 and January 15, 2026, and exfiltrated large amounts of data, including victims’ names, dates of birth, Social Security numbers, phone numbers, and email addresses.

 

"Where potentially impacted, health plan refers only to participation in Health Reimbursement Arrangements (HRAs) and Flexible Spending Accounts (FSAs), or Consolidated Omnibus Budget Reconciliation Act (COBRA). Additionally, potentially impacted data points are limited to items such as termination date and election date. No claims or financial data were disclosed," the company said.

 

The company informed the Maine Attorney General’s office that the data security incident compromised the personal information of 2,697,540 individuals. After determining the number of affected individuals, the company began notifying them about the incident and its impact on their personal information.

 

Navia added that after discovering the incident, it notified federal law enforcement about the incident, assessed the security of its systems, determined the number of affected people, and is working to implement additional safeguards and training for its employees.

 

"While we have measures in place to protect information in our care, as part of our ongoing commitment to the privacy of information, we continue to review our policies, procedures and processes related to the storage and access of personal information to reduce the likelihood of a similar future event," it added.

 

The health and financial benefits provider is also offering complimentary 12 months of credit monitoring services through Kroll to all affected individuals. "We encourage you to remain vigilant against incidents of identity theft and fraud and to review your account statements and credit reports for suspicious activity and to detect errors," the company said in its letter to affected individuals.