Credit: Lane V. Erickson / Shutterstock.com
Another massive data breach has compromised millions of Americans’ healthcare data and sensitive information. Navia Benefit Solutions, a benefits administrator for more than 10,000 U.S. employers, has disclosed a hack that affects nearly 2.7 million individuals, according to a March 18 filing with the Maine Attorney General.
Navia’s services include software and customer support for the administration of everything from Flexible Spending Accounts (FSAs) and Health Savings Accounts (HSAs) to commuter and education benefits.
What happened with the Navia Benefit Solutions data breach?
On Jan. 23, Navia identified “suspicious activity” on its systems, leading to the discovery that hackers had access to some of the organization’s data between Dec. 22, 2025, and Jan. 15, 2026. During this time, threat actors were able to exfiltrate a significant amount of personally identifiable information (PII), which may include the following:
The compromised health plan data may include Health Reimbursement Arrangement (HRA) participation, Consolidated Omnibus Budget Reconciliation Act (COBRA) enrollment information, and information about users’ FSAs
Navia has said that no claims or financial data were included in the breach, though the information stolen is commonly used for social engineering attacks and identity theft.
What do you think so far?
What to do if you were affected by the Navia Benefit Solutions security breach
Navia began notifying affected individuals on March 18, so keep an eye out for a letter from Navia Benefit Solutions. If your data was included in the breach, you are eligible for one year of identity monitoring services through Kroll. Your letter will include information about how to enroll, including the deadline to sign up for services and your unique activation code. You’ll need to activate your account online at enroll.krollmonitoring.com/redeem.
As always, a major data breach is a good reminder to lock down your identity. Freeze your credit (this should be your default unless you are actively applying for a new credit line) and set up a one-year fraud alert, which adds extra friction if someone tries to apply for credit in your name. Check your credit report and financial accounts regularly for suspicious activity, and report fraud immediately to your financial institution. You can also file an identity theft report with the Federal Trade Commission and your local police department.
