HackerOne employee and dependent data leak after Navia breach
Data Leak
Summary
Hide ▲
Show ▼
HackerOne disclosed that sensitive employee and dependent data was exposed after attackers accessed Navia through a Broken Object Level Authorization (BOLA) vulnerability. The leak affected 287 employees and included Social Security numbers, names, addresses, phone numbers, dates of birth, email addresses, and benefit dates. Access is believed to have occurred between December 22, 2025 and January 15, 2026. The exposed records could support phishing and social engineering even though no ransomware group has claimed the breach.
Related Happenings
France Titres ANTS portal user data leak
Data Leak
First: 24.04.2026 17:31
Last: 24.04.2026 17:31
Sources 1
About this happening:
France Titres confirmed a **security breach** on the **ANTS portal** that may have exposed **millions of users**, and a **database for sale** claim suggests the exposure could be...
France Titres ANTS portal user data leak
Data LeakAbout this happening: France Titres confirmed a **security breach** on the **ANTS portal** that may have exposed **millions of users**, and a **database for sale** claim suggests the exposure could be...
Navia Benefit Solutions Inc. hit by cyberattack
Incident
First: 19.03.2026 22:43
Last: 19.03.2026 22:43
Sources 1
How related:
At this time, we have been informed that a Broken Object Level Authorization (BOLA) vulnerability led to an unknown actor accessing Navia data between December 22, 2025, and January 15, 2026,
About this happening:
**Navia Benefit Solutions, Inc.** disclosed a **data breach** that exposed sensitive information for **nearly 2.7 million individuals**, after attackers had access to its systems...
Navia Benefit Solutions Inc. hit by cyberattack
IncidentHow related: At this time, we have been informed that a Broken Object Level Authorization (BOLA) vulnerability led to an unknown actor accessing Navia data between December 22, 2025, and January 15, 2026,
About this happening: **Navia Benefit Solutions, Inc.** disclosed a **data breach** that exposed sensitive information for **nearly 2.7 million individuals**, after attackers had access to its systems...
Navia Benefit Solutions data breach exposing benefits records
Data Leak
First: 19.03.2026 22:43
Last: 19.03.2026 22:43
Sources 1
About this happening:
**Navia Benefit Solutions** disclosed a **data breach** that exposed sensitive data tied to **nearly 2.7 million individuals**. Attackers had access to its systems from **December...
Navia Benefit Solutions data breach exposing benefits records
Data LeakAbout this happening: **Navia Benefit Solutions** disclosed a **data breach** that exposed sensitive data tied to **nearly 2.7 million individuals**. Attackers had access to its systems from **December...
TriZetto Provider Solutions patient and health insurance data leak
Data Leak
First: 09.03.2026 12:45
Last: 09.03.2026 12:45
Sources 1
About this happening:
TriZetto Provider Solutions disclosed a **data leak** affecting **over 3.4 million individuals**, putting sensitive patient and insurance records at risk of identity misuse. The c...
TriZetto Provider Solutions patient and health insurance data leak
Data LeakAbout this happening: TriZetto Provider Solutions disclosed a **data leak** affecting **over 3.4 million individuals**, putting sensitive patient and insurance records at risk of identity misuse. The c...
Monroe University stolen-data breach affecting 320,973 people
Data Leak
First: 14.01.2026 10:57
Last: 14.01.2026 10:57
Sources 1
About this happening:
The **Monroe University data leak** now has a confirmed scope of **320,973 affected individuals**, raising the risk of identity theft and account abuse. Attackers accessed the uni...
Monroe University stolen-data breach affecting 320,973 people
Data LeakAbout this happening: The **Monroe University data leak** now has a confirmed scope of **320,973 affected individuals**, raising the risk of identity theft and account abuse. Attackers accessed the uni...
Timeline
-
24.03.2026 16:01 2 articles · 2mo ago
HackerOne discloses Navia employee data exposure
Initial DisclosureHackerOne disclosed that Navia, its U.S. benefits administrator, exposed sensitive information for 287 employees and their dependents after an unknown actor accessed Navia data through a Broken Object Level Authorization (BOLA) vulnerability between December 22, 2025, and January 15, 2026. Navia said it became aware of suspicious activity in its environment on January 23, 2026, sent letters dated February 20, 2026 to impacted companies, offered 12 months of identity protection and credit monitoring, and said affected individuals' claims and financial information were not impacted.
Show sources
- HackerOne discloses employee data breach after Navia hack — www.bleepingcomputer.com — 24.03.2026 16:01
- HackerOne discloses employee data breach after Navia hack — www.bleepingcomputer.com — 24.03.2026 16:01