Find notable cyber news and cases, enriched with sources, timelines, and signals.

HackerOne employee and dependent data leak after Navia breach

Data Leak
First reported
Last updated
Happening score
H score 27
1 unique sources, 1 articles

Summary

Hide ▲

HackerOne disclosed that sensitive employee and dependent data was exposed after attackers accessed Navia through a Broken Object Level Authorization (BOLA) vulnerability. The leak affected 287 employees and included Social Security numbers, names, addresses, phone numbers, dates of birth, email addresses, and benefit dates. Access is believed to have occurred between December 22, 2025 and January 15, 2026. The exposed records could support phishing and social engineering even though no ransomware group has claimed the breach.

Related Happenings

AssuranceAmerica hit by network compromise

Incident
H score62 First: 09.07.2026 10:47 Last: 09.07.2026 10:47 Sources 1

About this happening: **AssuranceAmerica** confirmed a **data breach** that exposed records for **6,998,886 people** after an **unauthorized third party** accessed company systems and copied data files...

Nissan employee data leak via Oracle PeopleSoft zero-day

Data Leak
H score49 First: 30.06.2026 19:00 Last: 30.06.2026 19:00 Sources 1

About this happening: **Nissan** disclosed a **data leak** affecting **current and former employees** after attackers exploited **Oracle PeopleSoft**, exposing sensitive payroll and identity records ac...

France Titres ANTS portal user data leak

Data Leak
H score66 First: 24.04.2026 17:31 Last: 24.04.2026 17:31 Sources 1

About this happening: France Titres confirmed a **security breach** on the **ANTS portal** that may have exposed **millions of users**, and a **database for sale** claim suggests the exposure could be...

Navia Benefit Solutions Inc. hit by cyberattack

Incident
H score25 First: 19.03.2026 22:43 Last: 19.03.2026 22:43 Sources 1

How related: At this time, we have been informed that a Broken Object Level Authorization (BOLA) vulnerability led to an unknown actor accessing Navia data between December 22, 2025, and January 15, 2026,

About this happening: **Navia Benefit Solutions, Inc.** disclosed a **data breach** that exposed sensitive information for **nearly 2.7 million individuals**, after attackers had access to its systems...

Navia Benefit Solutions data breach exposing benefits records

Data Leak
H score62 First: 19.03.2026 22:43 Last: 19.03.2026 22:43 Sources 1

About this happening: **Navia Benefit Solutions** disclosed a **data breach** that exposed sensitive data tied to **nearly 2.7 million individuals**. Attackers had access to its systems from **December...

Timeline

  1. 24.03.2026 16:01 2 articles · 3mo ago

    HackerOne discloses Navia employee data exposure

    Initial Disclosure

    HackerOne disclosed that Navia, its U.S. benefits administrator, exposed sensitive information for 287 employees and their dependents after an unknown actor accessed Navia data through a Broken Object Level Authorization (BOLA) vulnerability between December 22, 2025, and January 15, 2026. Navia said it became aware of suspicious activity in its environment on January 23, 2026, sent letters dated February 20, 2026 to impacted companies, offered 12 months of identity protection and credit monitoring, and said affected individuals' claims and financial information were not impacted.

    Show sources