HackerOne — Benefits Data Exposed

HackerOneBenefits Data ExposedUpdated 2026-03-25 01:55 UTC

Bug bounty platform HackerOne disclosed a data breach affecting 287 employees and their dependents after its benefits administrator, Navia, was hacked. The breach exposed sensitive PII including Social Security numbers, names, addresses, and dates of birth due to a Broken Object Level Authorization (BOLA) vulnerability.

Benefits Portal Breach