Navia Benefit Solutions Breach Exposes 2.7 Million SSNs

Navia Benefit Solutions has disclosed a data breach affecting nearly 2.7 million individuals whose Social Security numbers, health plan details, and personal information were stolen during an intrusion that lasted almost a month.

The breach notification filed with the Maine Attorney General confirms 2,697,540 affected individuals. That makes this one of the largest healthcare-adjacent breaches of 2026 so far.

Timeline of the Attack

Navia discovered unauthorized access on January 23, 2026. Subsequent investigation revealed attackers had been inside the network since December 22, 2025, giving them roughly 24 days of access before detection.

During that window, attackers accessed systems containing sensitive data for participants in COBRA continuation coverage, flexible spending accounts (FSAs), and dependent care assistance programs (DCAPs).

The company provides benefits administration services for employers and state programs including Washington's Public Employees Benefits Board (PEBB) and School Employees Benefits Board (SEBB).

What Data Was Exposed

The breach compromised a range of personally identifiable information:

• Full names and dates of birth
• Social Security numbers
• Phone numbers and email addresses
• Health plan enrollment information
• FSA and DCAP participation details

For identity thieves, this is a particularly valuable combination. SSNs paired with health plan data enable both financial fraud and medical identity theft scenarios.

Why This Matters

Healthcare benefits administrators sit at a sensitive intersection of personal, financial, and medical data. Unlike a typical e-commerce breach, this exposure includes information that can't be changed. You can get a new credit card but you can't get a new Social Security number.

The extended dwell time is also concerning. Nearly a month of access suggests the attackers weren't just grabbing data and running. Whether that indicates a more sophisticated operation or simply inadequate monitoring remains unclear from public disclosures.

This incident follows a pattern of healthcare sector targeting we've documented throughout 2026. The 700Credit breach affecting millions of auto dealership customers and the TELUS Digital breach with ShinyHunters show how attackers consistently target organizations holding sensitive PII.

Company Response

Navia uploaded a substitute breach notice to its website on March 13, with individual notification letters mailing starting March 18. Affected individuals are being offered 12 months of complimentary credit monitoring and identity theft protection services.

Washington state's Health Care Authority issued its own notification to PEBB and SEBB members, confirming the breach affects state employees and their dependents enrolled in flexible spending programs.

The company hasn't disclosed the attack vector or whether ransomware was involved. No ransomware group has publicly claimed responsibility as of this writing.

What Affected Individuals Should Do

If you receive a notification letter from Navia:

1. Enroll in the free monitoring - The 12-month credit monitoring is standard, but actually using it helps detect fraud early
2. Consider a credit freeze - A freeze prevents new accounts from being opened in your name at all three bureaus
3. Monitor explanation of benefits - Watch for medical services you didn't receive, which could indicate medical identity theft
4. File IRS Form 14039 - An Identity Theft Affidavit helps prevent tax refund fraud

The breach notification requires affected individuals to act within specific timeframes to access free services. Check your mail and don't dismiss official-looking letters as spam.