Navia Profit Options, Inc. (Navia) is informing practically 2.7 million people of a data breach that uncovered their delicate info to attackers.
An investigation into the incident revealed that the hackers had entry to the group’s techniques between December 22, 2025, and January 15, 2026. Nonetheless, the corporate found the suspicious exercise on January 23.
Navia says that it responded instantly and launched an inquiry to find out the potential affect of the incident.
“The investigation decided that an unauthorized actor accessed and bought sure info between December 22, 2025, and January 15, 2026,” the corporate says within the notification to impacted people.
Navia is a consumer-focused administrator of advantages that gives providers to greater than 10,000 employers throughout the U.S.
The corporate offers software program and buyer providers for the administration of Versatile Spending Accounts (FSA), Well being Financial savings Accounts (HSA), Well being Reimbursement Preparations (HRA), Commuter Advantages and COBRA Providers.
It additionally helps deal with commuter advantages, way of life accounts, schooling advantages, compliance/danger providers, and retirement-related choices.
Based on the corporate, the investigation into the breach revealed that the hacker accessed and should have exfiltrated the next sorts of knowledge:
- Full title
- Date of start
- Social Safety Quantity (SSN)
- Telephone quantity
- E-mail handle
- Participation in HRA (Well being Reimbursement Preparations)
- FSA (Versatile Spending Accounts) info
- Consolidated Omnibus Finances Reconciliation Act (COBRA) enrollment info
Navia underlines that the data breach didn’t expose particulars about claims or monetary info. Nonetheless, the uncovered knowledge is sufficient for risk actors to deploy phishing and social engineering assaults geared toward affected people.
The corporate states that it has reviewed its security posture and knowledge retention insurance policies to establish potential weaknesses that may be improved, and has notified federal legislation enforcement concerning the incident.
Prospects whose info was uncovered might be coated by a free 12-month identification safety and credit score monitoring service from Kroll. Letter recipients are additionally inspired to contemplate putting a fraud alert and security freeze on their credit score information.
On the time of writing, no ransomware group has claimed the Navia data breach.
Malware is getting smarter. The Purple Report 2026 reveals how new threats use math to detect sandboxes and conceal in plain sight.
Obtain our evaluation of 1.1 million malicious samples to uncover the highest 10 strategies and see in case your security stack is blinded.
