Credit: Lane V. Erickson / Shutterstock.com
Another massive data breach has compromised the health care data and sensitive information of millions of Americans. Navia Benefit Solutions, the benefits administrator for more than 10,000 US employers, has disclosed a hack that affected approximately 2.7 million individuals. March 18 filing With the Maine Attorney General.
Navia’s services include software and customer support for administering everything from flexible spending accounts (FSAs) and health savings accounts (HSAs) to traveler and education benefits.
What happened with the Navia Benefit Solutions data breach?
On January 23, Navia “Suspicious Activity” Identified On its systems, it was discovered that hackers had access to some of the organization’s data between December 22, 2025, and January 15, 2026. During this time, threat actors were able to exfiltrate a significant amount of personally identifiable information (PII), which may include the following:
Compromised health plan data may include health reimbursement arrangement (HRA) participation, Consolidated Omnibus Budget Reconciliation Act (COBRA) enrollment information, and information about users’ FSAs.
Navia has said that the breach did not involve any claims or financial data, although the stolen information is commonly used for social engineering attacks and identity theft.
What do you think so far?
What to do if you have been affected by the Navia Benefit Solutions security breach
Navia began notifying affected individuals on March 18, so keep an eye out for a letter from Navia Benefit Solutions. If your data was involved in the breach, you are eligible for one year of identity monitoring services through Kroll. Your letter will include information including how to enroll, deadlines to sign up for services, and your unique activation code. You must activate your account online at enroll.krollmonitoring.com/redeem.
As always, a major data breach is a good reminder to lock down your identity. Freeze your credit (this should be your default unless you’re actively applying for new lines of credit) and set a one-year fraud alert, which creates additional friction if someone tries to apply for credit in your name. Regularly check your credit reports and financial accounts for suspicious activity and report fraud immediately to your financial institution. You can also file identity theft reports with the Federal Trade Commission and your local police department.
