Navia Benefit Solutions Breach Exposes Data of 2.7 Million Individuals

Navia Benefit Solutions, a third-party benefits administrator, disclosed a data breach impacting approximately 2.7 million individuals. Hackers accessed and potentially exfiltrated personal and health plan information, including names, dates of birth, Social Security numbers, phone numbers, email addresses, and health plan details, between December 22, 2025, and January 15, 2026. The incident was discovered on January 23, 2026, indicating a detection gap of approximately one month. This breach highlights the ongoing risks to healthcare-related data and the vulnerabilities in third-party service providers that handle sensitive personal information. Affected individuals face risks of identity theft, medical fraud, and targeted phishing attacks. Organizations that partner with third-party administrators should conduct regular security assessments of their vendors, implement data minimization practices, and ensure contractual obligations include robust cybersecurity requirements. Individuals affected should monitor their credit reports, enable fraud alerts, and be vigilant for phishing attempts using the stolen information.