NAVIA Benefit Solutions has disclosed a data breach affecting 2,697,540 individuals, with attackers accessing its systems from 22 December 2025 to 15 January 2026. The company detected suspicious activity on 23 January 2026 and launched a rapid investigation, later confirming that certain personal information was exposed.
Exposed data could include name, date of birth, Social Security number, phone number, email address, and details related to HRAs, FSAs, or COBRA, with potential additional items such as termination date and election date. Navia emphasised that neither claims nor financial data were disclosed, but cautioned that leaked information could still enable phishing and social engineering attacks. Affected individuals are offered 12 months of free identity protection and credit monitoring from Kroll as part of the response.