Credit: Lane V. Ericsson / Shutterstock.com
Another massive data breach compromised the healthcare data and sensitive information of millions of Americans. Navia Benefit Solutions, a benefits administrator for more than 10,000 US employers, has disclosed a hack that affected about 2.7 million people, according to March 18 filing with the Maine Attorney General.
Navia’s services include software and customer support for administering everything from Flexible Spending Accounts (FSAs) and Health Savings Accounts (HSAs) to commuter and education benefits.
What Happened to the Navia Benefit Solutions Data Breach?
It’s January 23, Navya Identified “suspicious activity” It led to the discovery that hackers had access to some of the organization’s data between December 22, 2025, and January 15, 2026, on its systems. During this time, the threat actors were able to extract significant amounts of personally identifiable information (PII), which could include:
Compromised health plan data may include Health Reimbursement Arrangement (HRA) participation, Consolidated Omnibus Budget Reconciliation Act (COBRA) enrollment information, and information about users’ FSAs.
Navia has said the breach did not involve any claims or financial data, although the stolen information is commonly used for social engineering attacks and identity theft.
What do you think so far?
What to do if you are affected by the Navia Benefit Solutions security breach
Navia began notifying affected individuals on March 18, so keep an eye out for a letter from Navia Benefit Solutions. If your data is included in the breach, you are eligible for one year of identity monitoring services through Kroll. Your letter will include information about how to register, including the deadline to sign up for the Services and your unique activation code. You must activate your account online at enroll.krollmonitoring.com/redeem.
As always, a major data breach is a good reminder Turn off your identity. Freeze your credit (this should be your default unless you’re actively applying for a new line of credit) and set up a one-year fraud alert, which adds extra friction if someone tries to apply for credit in your name. Regularly check your credit report and financial accounts for suspicious activity and report fraud to your financial institution immediately. You can also file an identity theft report with the Federal Trade Commission and your local police department.
