Navia Benefit Solutions has disclosed additional details about a recently confirmed data breach, revealing that attackers had unauthorized access to its systems for several weeks before the incident was detected. According to the company, suspicious activity was identified on January 23, 2026, but subsequent investigation determined that the breach occurred in 2026.
During this period, threat actors were able to access and likely exfiltrate sensitive personal and health-related information. The compromised data includes names, dates of birth, Social Security numbers, phone numbers, email addresses, and details related to health plan participation.
In its official notification, Navia stated that its response efforts included securing affected systems, analyzing impacted data to determine the scope of exposure, and notifying individuals who may have been affected. Where address information was available, impacted individuals were informed via mailed letters. The company has reported to the Maine Attorney General’s Office that approximately 2,697,540 individuals were potentially impacted by the breach, making it one of the more significant data exposure incidents in the benefits administration sector As part of its response, Navia is offering affected individuals 12 months of complimentary identity theft protection and credit monitoring services. The company has also advised customers to remain alert for signs of fraud, regularly review financial statements, and monitor credit reports for suspicious activity or inaccuracies.
Navia Benefit Solutions, headquartered in Renton, Washington, provides a range of services including benefits administration, consumer-directed healthcare (CDH), spending accounts, retirement planning, and compliance solutions to organizations across the United States. Given the nature of the data involved, security experts warn that affected individuals may face an increased risk of identity theft and targeted phishing attempts. The incident highlights the growing risks associated with large-scale data storage in benefits and healthcare-related systems, where attackers can access a combination of personal and sensitive information. As investigations continue, organizations are being reminded of the importance of early threat detection, continuous monitoring, and robust data protection measures to prevent prolonged unauthorized access.
Recommended Cyber News:
-
SentinelOne and Cloudflare Expand Partnership for Unified AI-Driven Threat Detection
-
Commvault Integrates CloudSEK to Strengthen Identity Threat Detection
-
NetQuest Launches NetworkLens to Power Hyperscale AI-Driven Cyber Threat Detection
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
