Overview
- Navia told the Maine Attorney General’s Office that 2,697,540 individuals were likely affected and is mailing notification letters.
- Investigators found unauthorized read-only access from December 22, 2025 to January 15, 2026, with suspicious activity discovered on January 23.
- Data accessed likely includes names, dates of birth, Social Security numbers, phone and email details, and HRA, FSA and COBRA enrollment information, though claims and financial data were not included.
- Some compromised records reportedly date back to 2018, increasing the longevity and value of the exposed information for fraud.
- Impacted people are offered 12 months of Kroll identity and credit monitoring, and Navia says it notified federal law enforcement and reviewed its security and data retention practices.