HackerOne has informed 287 employees that their personal information may have been exposed in a data breach at benefits administrator Navia Benefit Solutions, which reported unauthorized access between December 22, 2025 and January 15, 2026 that affected roughly 2.7 million people. The attackers reportedly accessed names, dates of birth, Social Security numbers, contact details and health plan information; HackerOne is conducting its own investigation, evaluating Navia’s security practices and may seek alternative benefits providers while Navia says it has no evidence of misuse. #HackerOne #NaviaBenefitSolutions
Keypoints
- HackerOne notified 287 employees their personal data may have been exposed in the Navia breach.
- Navia discovered unauthorized access on January 23 and traced the intrusion to Dec 22, 2025–Jan 15, 2026.
- Exposed data reportedly includes names, dates of birth, Social Security numbers, phone numbers, email addresses, and health plan information.
- Navia says nearly 2.7 million individuals are impacted and currently reports no evidence of misuse.
- HackerOne will investigate the incident, reassess Navia’s privacy and security practices, and consider other benefits providers if unsatisfied.
Read More: https://www.securityweek.com/hackerone-employee-data-exposed-in-massive-navia-breach/