Persistence

24 Days Undetected

The attackers maintained undetected access inside Navia's network from December 22, 2025 through January 15, 2026. The company did not discover suspicious activity until January 23, 2026, a full 8 days after the attackers had already finished and left.

Collection

Health and Benefits Data Harvested

Attackers accessed and collected sensitive personal information including full names, dates of birth, Social Security numbers, phone numbers, email addresses, and enrollment details for FSA, HRA, and COBRA benefits programs belonging to nearly 2.7 million individuals.

Exfiltration

2.7 Million Records Stolen

The collected data was acquired and removed from Navia's systems. The breach affected individuals across more than 10,000 employers nationwide who use Navia to administer employee health and benefits accounts.

Impact

Identity Theft and Social Engineering Risk

Nearly 2.7 million Americans now face elevated risk of identity theft, phishing attacks, and social engineering fraud. Exposed Social Security numbers combined with health benefits enrollment data give attackers enough information to impersonate victims to insurers, employers, and government agencies. Navia is offering 12 months of free credit monitoring through Kroll.