Navia Benefit Solutions is an employee benefits service provider. On January 23, 2026, they discovered suspicious activity on their network. An investigation discovered that there had been unauthorized access to parts of their network between December 22, 2025 and January 15, 2026.
The attacker(s) potentially accessed affected employees’ names, dates of birth, Social Security numbers, phone numbers, email addresses, and health plan information. For those potentially affected, “health plan” refers only to participation in Health Reimbursement Arrangements (HRAs) and Flexible Spending Accounts (FSAs), or Consolidated Omnibus Budget Reconciliation Act (COBRA). Additionally, potentially impacted data points are limited to items such as termination date and election date. No claims or financial data were disclosed, and Navia reports that it has no found no evidence of fraud or misuse.
On March 18, Navia notified the Maine Attorney General’s Office that a total of 2,697,540 people had been affected by the incident, of which 833 were Maine residents.
A copy of their substitute notice was posted on Navia’s website on March 13.
The Washington state-headquartered company is providing affected people with 12 months of free identity theft and credit monitoring services.
