Navia Benefits Breach Exposes Health Plan Data of 2.6 Million People
Navia Benefits Solutions, a third-party administrator for health and benefits plans, disclosed a data breach affecting more than 2.6 million people, with some reports putting the total at about 2.7 million. The incident exposed sensitive personal and benefits-related information tied to health plan administration, making it one of the larger recent breaches involving employee benefits data.
Reporting indicates the stolen information included personally identifiable data and health plan details held by Navia on behalf of clients. Because Navia serves as an intermediary for employers and benefit programs, the breach has broad downstream impact for organizations whose workers and dependents entrusted the company with benefits enrollment and related records.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Navia publicly discloses the data breach
Navia disclosed the incident publicly in breach notifications and reporting in March 2026, warning affected individuals that sensitive personal and health-plan information had been exposed. News coverage on March 19 and March 23 reported the disclosure and scale of the breach.
Navia completes review and determines breach scope
After investigating the incident, Navia determined that more than 2.6 million people were affected, with some reporting placing the total at about 2.7 million. The company identified the categories of exposed information and the populations impacted.
Attackers steal health plan and personal data from Navia
Data taken from Navia included personal and health-plan-related information such as names, Social Security numbers, dates of birth, addresses, and benefits or claims information. The breach affected clients for whom Navia administered COBRA, commuter, and other benefit programs.
Navia detects unauthorized access to its systems
Navia Benefits Solutions discovered suspicious activity and determined that an unauthorized party had accessed parts of its environment. The intrusion led to the theft of sensitive data held as a third-party benefits administrator.
Sources
2 references tracked. Mallory keeps watching after this page renders.
Navia Data Breach Hits 2.7 Million People, Exposing Sensitive Personal Data
techrepublic.com
Open sourceHealth plan information for over 2.6 million stolen from third-party admin Navia | The Record from Recorded Future News
therecord.media
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Navia Benefit Solutions Breach Exposes Data on 2.7 Million Benefits Enrollees
Navia Benefit Solutions, a Washington-based third-party workplace benefits administrator serving more than 10,000 U.S. employers, disclosed a cyberattack that gave unauthorized actors read-only access to its network between **December 22, 2025, and January 15, 2026**. The company said the breach may have affected **2,697,540 individuals** and exposed a broad set of personal and benefits data, including names, dates of birth, Social Security numbers, phone numbers, email addresses, and enrollment information tied to **FSA, HRA, and COBRA** accounts, with some records reportedly dating back to 2018. Navia detected suspicious activity on January 23 and said it notified federal law enforcement and regulators, including the **U.S. Department of Health and Human Services**, in a breach reportable under **HIPAA**. Notification letters began going out on March 18 after a substitute notice was posted on March 13, and the company is offering **12 months of credit monitoring and identity theft protection** through Kroll. One confirmed affected client, the **Washington State Health Care Authority**, said the incident involved records spanning seven years for tens of thousands of **PEBB, SEBB, and COFA** members, as well as data linked to 37 school districts; Navia has not said ransomware was involved and no ransomware group has claimed the attack.
Mar 25, 2026
Anthem Breach Exposed Personal Data of Up to 80 Million Health Plan Members
Anthem disclosed that attackers breached its systems and stole personal information tied to as many as 80 million current and former members and employees, making the incident one of the largest healthcare data breaches on record. The company said a sophisticated external attack exposed names, birth dates, medical or member IDs, Social Security numbers, street addresses, email addresses, phone numbers, and employment and income information across multiple Anthem brands, including Anthem Blue Cross, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare. Anthem said there was no evidence that credit card data or medical records such as claims, test results, or diagnostic codes were taken. The insurer said it discovered the intrusion, notified the FBI, hired Mandiant to conduct a forensic investigation, and planned to offer affected individuals free credit monitoring and identity protection services. Reporting said the compromised database was not encrypted at rest and that investigators were examining whether the attackers used stolen administrator credentials, with some scrutiny falling on possible links to Chinese cyberespionage activity. The breach also underscored a broader surge in attacks on healthcare organizations, where rich stores of personally identifiable information had made the sector an increasingly attractive target for cybercriminals.
May 25, 2026
Third-Party Healthcare and Benefits Service Provider Breaches Expand to Millions of Victims
Health insurance technology provider **TriZetto Provider Solutions** (a Cognizant subsidiary) updated breach notifications indicating the impact of its **November 2024** intrusion has grown to **more than 3.4 million** affected individuals. Disclosures to state regulators and downstream notifications from county governments and healthcare providers indicate theft of sensitive personal data including **addresses, Social Security numbers, and health insurance identifiers**, with some jurisdictions reporting hundreds of thousands of impacted residents. Separately, the **Conduent** incident has expanded dramatically in public filings, with reported totals rising from roughly **10.5 million** to **more than 25 million** affected individuals across the US, including a major increase in **Texas** (reported at **15.4 million**) while **Oregon** remains around **10.5 million**. Reporting indicates attackers maintained access for roughly **three months** and exfiltrated about **8 TB** of data, underscoring the systemic risk posed by large, behind-the-scenes vendors that support **Medicaid/SNAP and other state benefit programs**, healthcare-related processing, and major employer services—creating a wide “blast radius” even for individuals unfamiliar with the vendor name.
Mar 21, 2026