HackerOne employee and dependent data leak after Navia breach
Data Leak
Summary
Hide ▲
Show ▼
HackerOne disclosed that sensitive employee and dependent data was exposed after attackers accessed Navia through a Broken Object Level Authorization (BOLA) vulnerability. The leak affected 287 employees and included Social Security numbers, names, addresses, phone numbers, dates of birth, email addresses, and benefit dates. Access is believed to have occurred between December 22, 2025 and January 15, 2026. The exposed records could support phishing and social engineering even though no ransomware group has claimed the breach.
Related Happenings
AssuranceAmerica hit by network compromise
Incident
H score62
First: 09.07.2026 10:47
Last: 09.07.2026 10:47
Sources 1
About this happening:
**AssuranceAmerica** confirmed a **data breach** that exposed records for **6,998,886 people** after an **unauthorized third party** accessed company systems and copied data files...
AssuranceAmerica hit by network compromise
IncidentAbout this happening: **AssuranceAmerica** confirmed a **data breach** that exposed records for **6,998,886 people** after an **unauthorized third party** accessed company systems and copied data files...
Nissan employee data leak via Oracle PeopleSoft zero-day
Data Leak
H score49
First: 30.06.2026 19:00
Last: 30.06.2026 19:00
Sources 1
About this happening:
**Nissan** disclosed a **data leak** affecting **current and former employees** after attackers exploited **Oracle PeopleSoft**, exposing sensitive payroll and identity records ac...
Nissan employee data leak via Oracle PeopleSoft zero-day
Data LeakAbout this happening: **Nissan** disclosed a **data leak** affecting **current and former employees** after attackers exploited **Oracle PeopleSoft**, exposing sensitive payroll and identity records ac...
France Titres ANTS portal user data leak
Data Leak
H score66
First: 24.04.2026 17:31
Last: 24.04.2026 17:31
Sources 1
About this happening:
France Titres confirmed a **security breach** on the **ANTS portal** that may have exposed **millions of users**, and a **database for sale** claim suggests the exposure could be...
France Titres ANTS portal user data leak
Data LeakAbout this happening: France Titres confirmed a **security breach** on the **ANTS portal** that may have exposed **millions of users**, and a **database for sale** claim suggests the exposure could be...
Navia Benefit Solutions Inc. hit by cyberattack
Incident
H score25
First: 19.03.2026 22:43
Last: 19.03.2026 22:43
Sources 1
How related:
At this time, we have been informed that a Broken Object Level Authorization (BOLA) vulnerability led to an unknown actor accessing Navia data between December 22, 2025, and January 15, 2026,
About this happening:
**Navia Benefit Solutions, Inc.** disclosed a **data breach** that exposed sensitive information for **nearly 2.7 million individuals**, after attackers had access to its systems...
Navia Benefit Solutions Inc. hit by cyberattack
IncidentHow related: At this time, we have been informed that a Broken Object Level Authorization (BOLA) vulnerability led to an unknown actor accessing Navia data between December 22, 2025, and January 15, 2026,
About this happening: **Navia Benefit Solutions, Inc.** disclosed a **data breach** that exposed sensitive information for **nearly 2.7 million individuals**, after attackers had access to its systems...
Navia Benefit Solutions data breach exposing benefits records
Data Leak
H score62
First: 19.03.2026 22:43
Last: 19.03.2026 22:43
Sources 1
About this happening:
**Navia Benefit Solutions** disclosed a **data breach** that exposed sensitive data tied to **nearly 2.7 million individuals**. Attackers had access to its systems from **December...
Navia Benefit Solutions data breach exposing benefits records
Data LeakAbout this happening: **Navia Benefit Solutions** disclosed a **data breach** that exposed sensitive data tied to **nearly 2.7 million individuals**. Attackers had access to its systems from **December...
Timeline
-
24.03.2026 16:01 2 articles · 3mo ago
HackerOne discloses Navia employee data exposure
Initial DisclosureHackerOne disclosed that Navia, its U.S. benefits administrator, exposed sensitive information for 287 employees and their dependents after an unknown actor accessed Navia data through a Broken Object Level Authorization (BOLA) vulnerability between December 22, 2025, and January 15, 2026. Navia said it became aware of suspicious activity in its environment on January 23, 2026, sent letters dated February 20, 2026 to impacted companies, offered 12 months of identity protection and credit monitoring, and said affected individuals' claims and financial information were not impacted.
Show sources
- HackerOne discloses employee data breach after Navia hack — www.bleepingcomputer.com — 24.03.2026 16:01
- HackerOne discloses employee data breach after Navia hack — www.bleepingcomputer.com — 24.03.2026 16:01