SECURITYWEEK reports that HackerOne is notifying nearly 300 employees that their personal information was exposed in a data breach affecting Navia Benefit Solutions. Navia revealed that it found unauthorised access to its systems on 23 January, with the attacker having access from 22 December 2025 to 15 January 2026, and that the breach exposed details such as names, dates of birth, Social Security numbers, phone numbers, email addresses and health plan information.
Navia told the Maine Attorney General’s Office that nearly 2.7 million individuals are impacted by the data breach, and HackerOne said 287 of its employees may have been affected. The notification HackOne received from Navia was dated 20 February but was only delivered in March. HackerOne emphasised that safe handling of personal data is core to its operations and that it is conducting its own investigation and evaluating Navia’s privacy and security policies, with potential options if not satisfied. According to the Maine Attorney General’s Office, Navia is not aware of any misuse of the exposed data at this time.