Navia Benefit Solutions, a company that administers benefit programs in the U.S. such as HRA, FSA, and COBRA, has reported a massive data breach affecting approximately 2.7 million people. The breach was caused by the exploitation of a vulnerability in the company’s API.

Unauthorized access to systems occurred between December 22, 2025, and January 15, 2026. Navia detected the incident on January 23 after noticing suspicious activity in its infrastructure and launched an investigation.
According to the findings of the investigation, which were announced to the public on March 13, 2026, the cyber intrusion resulted in the leakage of personal data, including:
The company emphasizes that bank account details, payment card information, and actual claim amounts were not compromised.
Following the incident, Navia implemented additional security measures to prevent future breaches: strengthened API authorization, enabled multi-factor authentication, and tightened data access controls. In addition, the company began implementing a policy of deleting unused data for accounts that had been inactive for more than eight years or that had not selected certain benefit types in the previous year.
Cyber incidents in the healthcare sector have been occurring more frequently lately: healthcare providers and their technology partners have become a priority target for attackers due to the vast amounts of sensitive data they hold. In the past month alone, large-scale breaches affected TriZetto (a healthcare IT solutions provider, 3.4 million people) and MonLogicielMedical (a French centralized health information management system, 15 million people).
The Navia incident shows that APIs can become a critical vulnerability if data access is excessive or poorly controlled. Effective data management significantly reduces the potential impact of breaches.
Getting started with data management and access control is best done by implementing DCAP (Data-Centric Audit and Protection) systems, which help bring order to data storage.
For example, the tailor-made DCAP system SearchInform FileAuditor performs a storage audit, detects and classifies files containing sensitive information, identifies redundant data, and enables configuration of access rights to files. Request your free 30-day trial!