Navia says 2.7 million people may have had personal and health plan data exposed in cyberattack
4 min. read 
Published on
Navia Benefit Solutions has disclosed a major data breach that may have exposed the personal and limited health plan information of roughly 2.7 million people. In its public breach notice, the company said it discovered suspicious activity on January 23, 2026, and later determined that an unauthorized actor accessed and acquired certain information between December 22, 2025, and January 15, 2026.
The company says the stolen data can include a person’s name and other data elements tied to their account, while health plan information was limited to participation in health reimbursement arrangements, flexible spending accounts, or COBRA, along with items such as termination date and election date. Navia also says no claims data or financial data were disclosed.
That makes this a serious breach even without payment card exposure. Names, Social Security numbers, dates of birth, phone numbers, email addresses, and benefits-related details can give criminals enough information to run targeted phishing campaigns, identity theft attempts, or account fraud. Some outside reports citing the Maine filing say 2,697,540 people were affected nationwide.
What Navia says happened
According to Navia’s official notice, the company launched an investigation right after it detected suspicious activity in January. That investigation found that an unauthorized actor had access to its environment for a little more than three weeks. The company says it reviewed the affected data and began notifying impacted people after that review.
Navia did not publicly disclose the exact intrusion method in the official notice I reviewed. It also said it had not seen attempted or actual misuse of the affected information at the time of the notice, though it still chose to notify people and offer protection services out of caution.
What information may have been exposed
| Data type | Status |
|---|---|
| Name | Potentially exposed |
| Social Security number | Potentially exposed for some people |
| Date of birth | Potentially exposed for some people |
| Phone number | Potentially exposed for some people |
| Email address | Potentially exposed for some people |
| Health plan participation details | Potentially exposed |
| Claims data | Not disclosed, according to Navia |
| Financial data | Not disclosed, according to Navia |
The official California notice uses placeholders because it is a template sent to different people with different data combinations, so not every person necessarily lost the exact same fields. Still, the notice makes clear that names were involved and that some recipients had additional sensitive data exposed.
Timeline of the breach
- December 22, 2025: Unauthorized access window began, according to Navia.
- January 15, 2026: Last date in the access and acquisition window identified by the investigation.
- January 23, 2026: Navia discovered suspicious activity.
- March 13, 2026: Navia posted a public notice of the event.
- March 18, 2026: Consumer notifications began, according to reports based on the regulatory filing.
What Navia is offering affected users
Navia says it has secured identity monitoring services through Kroll at no cost to affected individuals. The notice says those services include credit monitoring, fraud consultation, and identity theft restoration, with enrollment required by the deadline listed in each letter.
The company also says it notified federal law enforcement and is reviewing its policies, procedures, and processes related to the storage and access of personal information to reduce the chance of a similar incident in the future.
Why this breach matters
Navia acts as a benefits administrator for employers, so many affected people may not immediately recognize the company name. That can create confusion when breach letters arrive and can also make phishing attempts more convincing if criminals use benefits-related details in follow-up scams. Reports on the incident describe Navia as a large third-party administrator serving thousands of employers.
The combination of identity data and benefits metadata also raises the risk of highly tailored fraud. Even when claims and banking data stay untouched, exposed personal records can still support tax fraud, account takeover attempts, or social engineering aimed at HR and benefits portals. This is an inference based on the exposed data categories listed in the notice.
What affected people should do now
- Enroll in the free Kroll identity monitoring service before the deadline in the notice.
- Review credit reports and account statements for unfamiliar activity.
- Consider placing a fraud alert or credit freeze with Equifax, Experian, and TransUnion.
- Watch for phishing emails, texts, or calls that reference benefits, HRAs, FSAs, or COBRA. This recommendation follows from the types of information Navia says may have been exposed.
FAQ
Reports based on regulatory filings say 2,697,540 people were affected nationwide, which rounds to about 2.7 million.
Navia says no claims data or financial data were disclosed.
Navia says it discovered suspicious activity on January 23, 2026.
Yes. Navia says affected individuals can get complimentary identity monitoring services through Kroll.
Read our disclosure page to find out how can you help VPNCentral sustain the editorial team Read more
Improve this guide
User forum
0 messages