Massive healthcare breach: 2.7M SSNs
What happened
A healthcare data breach exposed roughly 2.7 million Americans’ Social Security numbers and sensitive records — a fresh pool of data that fraudsters can weaponize for identity and claims fraud (lifehacker.com).
Why it matters
Navia reported a precise affected count of 2,697,540 individuals in the notice it filed with the Maine Attorney General on March 13, 2026. (maine.gov (maine.gov)) (maine.gov) Navia’s security statement says unauthorized access occurred via an application programming interface between December 22, 2025 and January 15, 2026, and the company first detected suspicious activity on January 23, 2026; a separate Maine filing lists a discovery date of February 3, 2026. (pebb.naviabenefits.com (pebb.naviabenefits.com); maine.gov (maine.gov)) (naviabenefits.com) The exposed data elements listed in Navia’s notice and state filings include full names, dates of birth, Social Security numbers, phone numbers, email addresses, Navia-specific identification numbers and health-plan participation details such as FSA, HSA, COBRA and enrollment/termination dates. (pebb.naviabenefits.com (pebb.naviabenefits.com); hipaajournal.com (hipaajournal.com)) (naviabenefits.com) Navia Benefit Solutions is the Renton, Washington-based benefits administrator reported to serve more than 10,000 U.S. employers and administers FSAs, HSAs, COBRA and dependent care programs for employer-sponsored plans. (lifehacker.com (lifehacker.com); pebb.naviabenefits.com (pebb.naviabenefits.com)) (lifehacker.com) Navia uploaded a substitute breach notice to its site on March 13, 2026 and began mailing individual notification letters on or about March 18, 2026, and the company is offering 12 months of complimentary identity monitoring and credit restoration services through Kroll. (hipaajournal.com (hipaajournal.com); classactionu.org (classactionu.org)) (hipaajournal.com) Navia’s notice states the incident may have exposed records going back seven years (to 2018) for certain systems tied to benefits administration, increasing the scope of historical participant data potentially in the dataset. (pebb.naviabenefits.com (pebb.naviabenefits.com)) (pebb.naviabenefits.com)
Key numbers
- A healthcare data breach exposed roughly 2.7 million Americans’ Social Security numbers and sensitive records — a fresh pool of data that fraudsters can weaponize for identity and claims fraud (lifehacker.com).
- Navia reported a precise affected count of 2,697,540 individuals in the notice it filed with the Maine Attorney General on March 13, 2026.
- (pebb.naviabenefits.com (pebb.naviabenefits.com); hipaajournal.com (hipaajournal.com)) (naviabenefits.com) Navia Benefit Solutions is the Renton, Washington-based benefits administrator reported to serve more than 10,000 U.S.
What happens next
- employers and administers FSAs, HSAs, COBRA and dependent care programs for employer-sponsored plans.
Quick answers
What happened in Massive healthcare breach: 2.7M SSNs?
A healthcare data breach exposed roughly 2.7 million Americans’ Social Security numbers and sensitive records — a fresh pool of data that fraudsters can weaponize for identity and claims fraud (lifehacker.com).
Why does Massive healthcare breach: 2.7M SSNs matter?
Navia reported a precise affected count of 2,697,540 individuals in the notice it filed with the Maine Attorney General on March 13, 2026. (maine.gov (maine.gov)) (maine.gov) Navia’s security statement says unauthorized access occurred via an application programming interface between December 22, 2025 and January 15, 2026, and the company first detected suspicious activity on January 23, 2026; a separate Maine filing lists a discovery date of February 3, 2026. (pebb.naviabenefits.com (pebb.naviabenefits.com); maine.gov (maine.gov)) (naviabenefits.com) The exposed data elements listed in Navia’s notice and state filings include full names, dates of birth, Social Security numbers, phone numbers, email addresses, Navia-specific identification numbers and health-plan participation details such as FSA, HSA, COBRA and enrollment/termination dates. (pebb.naviabenefits.com (pebb.naviabenefits.com); hipaajournal.com (hipaajournal.com)) (naviabenefits.com) Navia Benefit Solutions is the Renton, Washington-based benefits administrator reported to serve more than 10,000 U.S. employers and administers FSAs, HSAs, COBRA and dependent care programs for employer-sponsored plans. (lifehacker.com (lifehacker.com); pebb.naviabenefits.com (pebb.naviabenefits.com)) (lifehacker.com) Navia uploaded a substitute breach notice to its site on March 13, 2026 and began mailing individual notification letters on or about March 18, 2026, and the company is offering 12 months of complimentary identity monitoring and credit restoration services through Kroll. (hipaajournal.com (hipaajournal.com); classactionu.org (classactionu.org)) (hipaajournal.com) Navia’s notice states the incident may have exposed records going back seven years (to 2018) for certain systems tied to benefits administration, increasing the scope of historical participant data potentially in the dataset. (pebb.naviabenefits.com (pebb.naviabenefits.com)) (pebb.naviabenefits.com)
