Navia Benefit Solutions Data Breach Impacts 2.7 Million People

On Jan. 23, 2026, Navia Benefit Solutions, a benefits administrator based in Renton, Washington, detected a data breach that exposed sensitive personal and health information belonging 2,697,540 individuals across the nation.

Navia‘s investigation found that an unauthorized actor had accessed and potentially acquired certain information during a window that stretched from Dec. 22, 2025, through Jan. 15, 2026.

After confirming the unauthorized access, Navia conducted a thorough review to identify which individuals may have been affected.

The company determined that the information potentially involved in the breach included personally identifiable information (PII) such as name, date of birth, Social Security number, phone number and email address. The breach also potentially exposed protected health information (PHI) in the form of health plan information.

The company has begun notifying potentially impacted individuals by letter sent to their home addresses, where address information was available.

State disclosures reveal local impacts include 319,208 residents in Washington, 37,465 residents in Massachusetts, 62,821 in Texas, 6,088 in Indiana, 2,718 in Iowa, 1,356 in New Hampshire (update), 833 in Maine.

Steps to Take If Your Information Was Exposed

Individuals can call 844-443-1645, Monday through Friday from 9:00 a.m. to 6:30 p.m. Eastern Time. They can also write to Navia at 707 South Grady Way, Suite 350, Renton, WA 98057.

Taking these steps does not guarantee protection, but it can reduce the chances of harm resulting from the exposed information.

Place a credit freeze. A credit freeze prevents credit bureaus from releasing information in a credit report without the consumer's express authorization. This makes it much harder for someone to open new accounts using stolen information. Under federal law, placing or lifting a credit freeze is free.

Contact each of the three major credit bureaus to place a freeze:

• Equifax: 1-888-298-0045
• Experian: 1-888-397-3742
• TransUnion: 1-833-799-5355

Set up a fraud alert. As an alternative or addition to a credit freeze, individuals can place a fraud alert on their credit file. An initial fraud alert lasts one year and requires businesses to take steps to verify a person's identity before extending new credit. Victims of identity theft can request an extended fraud alert that lasts seven years. A fraud alert can be placed by contacting any one of the three credit bureaus listed above.

Monitor credit reports: Under federal law, consumers are entitled to one free credit report per year from each of the three major credit bureaus. Individuals can request their reports through AnnualCreditReport.com or by calling 1-877-322-8228. Reviewing these reports regularly can help people spot unfamiliar accounts or suspicious activity early.

Request an IRS Identity Protection PIN: Because Social Security numbers were potentially exposed, affected individuals may want to consider applying for an Identity Protection PIN from the IRS. This six-digit number helps prevent someone else from filing a tax return using a stolen Social Security number.

Watch for suspicious health plan activity: Since health plan information was also involved, affected individuals should review their Explanation of Benefits statements carefully. If they see claims for services they did not receive, they should contact their health plan provider right away. Medical identity theft can be harder to detect than financial fraud, so staying alert is important.

Be cautious of phishing attempts: After a data breach, scammers sometimes send emails, texts or phone calls that reference the breach by name to trick people into providing more personal information. Individuals should be wary of any unsolicited communication that asks them to click a link, download a file or share personal details.

Review bank and financial statements: Although financial account information was not specifically listed among the exposed data, the combination of name, date of birth and Social Security number can be used to attempt unauthorized access to existing accounts. Individuals should regularly review their bank and credit card statements for any transactions they do not recognize.

File a complaint if needed: Consumers who believe their information has been misused can file a complaint with the Federal Trade Commission at IdentityTheft.gov or by calling 1-877-438-4338. They also have the right to file a police report if they experience identity theft or fraud.