RECENT Navia data breach impacts HackerOne employee data, with HackerOne stating that 287 employees may have been affected, according to a filing with the Maine Attorney General Office. The breach arose from a Navia Benefit Solutions incident, which exposed personal information after attackers accessed Navia's systems from 22 December 2025 to 15 January 2026, with suspicious activity detected on 23 January 2026.
Exposed data could include names, dates of birth, Social Security numbers, phone numbers, email addresses, and details related to Health Reimbursement Arrangements and Flexible Spending Accounts, while termination and election dates were also cited as potentially impacted; no claims or financial data were disclosed. Navia says the breach did not show evidence of data misuse so far, though officials warned that leaked information could enable phishing and social engineering attacks.
Navia notified affected parties, and HackerOne is conducting its own investigation and reviewing Navia’s security practices, with the possibility of switching providers if standards are not met. To help those affected, Navia is offering 12 months of free identity protection and credit monitoring from Kroll.