Navia Benefit Solutions Data Breach Exposes 2.7 Million Individuals' Data
Navia Benefit Solutions, an employee benefits administrator, disclosed a data breach where hackers had unauthorized access to its network between December 22, 2025, and January 15, 2026. The intrusion potentially acquired data of almost 2.7 million current and former participants and their dependents. Compromised data included names, email addresses, phone numbers, Social Security numbers, and health plan information.
Signal context
First seen: Dec 22, 2025
Last updated: Jun 20, 2026
Status: Public signal
Key points
- Unauthorized access from December 22, 2025, to January 15, 2026.
- Nearly 2.7 million individuals affected.
- Exposed data included names, email addresses, phone numbers, Social Security numbers, and health plan information.
Signal analysis
BetaThis analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Health Care and Social Assistance
Likely country: Location not provided
The feed marks multiple actor roles. Treat this as a review signal rather than a final attribution.
- Source type: outside the affected organization
- Source type: possible insider or internal misuse
Impact area: Confidentiality
Likely asset: User or customer data
- 10 signals in the same sector
- 31 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
Navia Benefit Solutions Discloses Data Breach Affecting 2.7 Million Individualshttps://www.hipaajournal.com/navia-benefit-solutions-data-breach/Public source from hipaajournal.com.
Navia Data Breach Impacts 2.7 Million - SecurityWeekhttps://www.securityweek.com/navia-data-breach-impacts-2-7-million/Public source from securityweek.com.
Related signals
Grouped by why the signal is relevant.
Horizon Family Medical Group Data Breach
Reports emerged on June 18, 2026, of a possible data breach at Horizon Family Medical Group, a medical provider in New York's Hudson Valley region. Threat actor Incransom claimed to have stolen 7 TB of data, including medical information such as diagnoses, prescriptions, treatments, and lab results.
Council of Europe Hacked by ShinyHunters, 297 GB of Data Stolen
The notorious extortion group ShinyHunters claimed to have hacked the Council of Europe, stealing nearly 300 gigabytes of data, including employee personal information, payroll data, CVs, and medical records. The group threatened to leak the data if negotiations were not initiated.
iRhythm Holdings Discloses Cybersecurity Incident and Data Breach
iRhythm Holdings, a heart monitoring device manufacturer, identified unauthorized access to certain third-party-hosted business applications, leading to the exfiltration of sensitive patient and proprietary data. The company received an extortion demand from a threat actor.
DentaQuest Data Breach Exposes 2.6 Million Accounts
Dental benefits administrator DentaQuest confirmed a cybersecurity incident involving unauthorized access to a portion of its network, leading to the exposure of personal and health-related information for 2.6 million individuals. The ShinyHunters extortion group claimed responsibility and leaked the data.
Loblaw Companies Limited Discloses Data Breach Affecting Customer Information
On March 10, 2026, Loblaw Companies Limited, Canada's largest food and pharmacy retailer, announced that hackers breached a portion of its IT network and accessed basic customer information. The exposed data included names, phone numbers, and email addresses. Loblaw stated that sensitive data such as passwords, health records, and credit card numbers were not compromised, and the company implemented forced logouts for customer accounts.
Oracle Health (Cerner) Legacy Server Breach
In a separate incident from the Oracle Cloud breach, Oracle Health (formerly Cerner), a provider of electronic health record (EHR) systems, experienced a data breach. A hacker reportedly used stolen credentials to access legacy servers that had not yet been migrated to Oracle Cloud, leading to the exfiltration of healthcare records from various hospitals in the United States. The incident began on January 22, 2025, and Oracle first noticed the breach on February 20, 2025. The attacker is allegedly extorting Oracle Health customers, demanding cryptocurrency payments to withhold publishing the stolen data, which likely includes protected health information.