Between December 22, 2025 and January 15, 2026, an attacker spent 24 consecutive days inside Navia Benefit Solutions’ systems. They quietly and methodically pulled Social Security numbers, dates of birth, health plan enrollment details, and COBRA records belonging to 2,697,540 Americans. These include teachers, state workers, and school administrators. People who signed up for employer benefits through HR software and had no idea which third-party company held their data.
Navia didn’t catch it for more than three weeks after the attacker had already stopped. The company published a breach notice on March 13, 2026. Individual notification letters went out on March 18 — eighty-six days after the intrusion began.
This article has been indexed from DZone Security Zone
Read the original article: