Third-party benefits administrator Navia Benefit Solutions is notifying nearly 2.7 million people that their personal information was stolen in a data breach.
The incident, the company says, was discovered on January 23, but the investigation into the matter determined that hackers had access to its systems between December 22, 2025, and January 15, 2026.
During that window, the attackers accessed and likely exfiltrated personal information such as names, dates of birth, Social Security numbers, phone numbers, and email addresses, as well as health plan information.
“This investigation and response included confirming the security of our systems, reviewing the contents of relevant data for sensitive information, and notifying potentially impacted individuals via a letter to their home address, where address information was available,” Navia notes in an incident notification.
This week, the company told the Maine Attorney General’s Office that 2,697,540 individuals were likely impacted by the data breach.
The company is providing the affected people with 12 months of free identity theft and credit monitoring services.
“We encourage you to remain vigilant against incidents of identity theft and fraud and to review your account statements and credit reports for suspicious activity and to detect errors,” the company told the impacted customers.
Based in Renton, Washington, Navia Benefit Solutions provides benefits administration, CDH, spending accounts, retirement and wealth solutions, and compliance solutions nationwide.
Related: Marquis Data Breach Affects 672,000 Individuals
Related: Security Firm Aura Discloses Data Breach Impacting 900,000 Records
Related: 238,000 Impacted by Bell Ambulance Data Breach
Related: Michelin Confirms Data Breach Linked to Oracle EBS Attack
