Navia Benefit Solutions, Inc. (Navia) is informing nearly 2.7 million individuals of a data breach that exposed their sensitive information to attackers.
An investigation into the incident revealed that the hackers had access to the organization’s systems between December 22, 2025, and January 15, 2026. However, the company discovered the suspicious activity on January 23.
Navia says that it responded immediately and launched an inquiry to determine the potential impact of the incident.
“The investigation determined that an unauthorized actor accessed and acquired certain information between December 22, 2025, and January 15, 2026,” the company says in the notification to impacted individuals.
Navia is a consumer-focused administrator of benefits that provides services to more than 10,000 employers across the U.S.
The company provides software and customer services for the administration of Flexible Spending Accounts (FSA), Health Savings Accounts (HSA), Health Reimbursement Arrangements (HRA), Commuter Benefits and COBRA Services.
It also helps handle commuter benefits, lifestyle accounts, education benefits, compliance/risk services, and retirement-related offerings.
According to the company, the investigation into the breach revealed that the hacker accessed and may have exfiltrated the following types of data:
- Full name
- Date of birth
- Social Security Number (SSN)
- Phone number
- Email address
- Participation in HRA (Health Reimbursement Arrangements)
- FSA (Flexible Spending Accounts) information
- Consolidated Omnibus Budget Reconciliation Act (COBRA) enrollment information
Navia underlines that the data breach did not expose details about claims or financial information. Nevertheless, the exposed data is enough for threat actors to deploy phishing and social engineering attacks aimed at affected individuals.
The company states that it has reviewed its security posture and data retention policies to identify potential weaknesses that can be improved, and has notified federal law enforcement about the incident.
Customers whose information was exposed will be covered by a free 12-month identity protection and credit monitoring service from Kroll. Letter recipients are also encouraged to consider placing a fraud alert and security freeze on their credit files.
At the time of writing, no ransomware group has claimed the Navia data breach.
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.
Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.
