Overview
- Navia reports that an unauthorized actor accessed its systems between December 22, 2025 and January 15, 2026, with suspicious activity detected on January 23.
- The company says exposed information may include names, dates of birth, Social Security numbers, phone and email contacts, plus HRA, FSA and COBRA enrollment details.
- Navia says claims data and financial information were not exposed in the incident.
- Affected individuals are being offered 12 months of identity protection and credit monitoring through Kroll, with advice to consider fraud alerts and security freezes.
- Federal law enforcement has been notified, the firm says it is reviewing security and data retention practices, and no threat actor has claimed responsibility.