By rssfeeds-admin 
The incident exposes a wide range of sensitive personal and health-related information, raising concerns over potential downstream abuse in phishing and identity-based attacks.
API Vulnerability Enabled Unauthorized Access
According to the company’s disclosure, the breach originated from a security flaw in an Application Programming Interface (API), which was exploited by a threat actor to gain read-only access to internal systems.
While the attacker did not alter system data or deploy ransomware, the passive nature of the intrusion allowed it to remain undetected for a longer period.
Navia stated that the attacker did not access direct financial data such as bank account numbers or payment card information, nor were health claims involved. However, the compromised dataset still includes highly sensitive personally identifiable information (PII) and protected health-related data.
The organization has since remediated the API vulnerability and temporarily disabled participant registration to implement stronger authentication controls.
Enhanced monitoring mechanisms have also been deployed to detect anomalous access patterns.
The breach impacts both current and former participants of Navia-administered benefit programs, with records dating back to 2018.
As a third-party administrator serving over 10,000 employers across the United States, Navia maintains extensive datasets tied to employee benefits programs.
The exposed data includes:
- Full names, dates of birth, and residential addresses
- Email addresses and phone numbers
- Social Security numbers and Navia-specific identification numbers
- Health plan participation details, including FSAs, HRAs, COBRA enrollment, and termination dates
Although no financial credentials were accessed, the breadth of exposed identifiers significantly increases the risk of identity theft, account takeover attempts, and highly targeted social engineering campaigns.
Navia reported that it initiated an internal investigation immediately upon detecting unusual activity within its systems.
The company engaged external forensic experts to assess the extent of the compromise and has since notified federal law enforcement and regulatory authorities, including the U.S. Department of Health and Human Services (HHS).
Affected employers and plan participants have been formally notified of the incident. In response to the breach, Navia is offering 12 months of complimentary identity protection and credit monitoring services through Kroll.
From a security standpoint, the company has implemented additional safeguards, including stricter multi-factor authentication (MFA) enforcement and API access hardening.
The temporary suspension of new participant registrations was also part of containment efforts.
Security experts warn that the nature of the compromised data makes affected individuals particularly vulnerable to targeted phishing campaigns.
Attackers can leverage detailed benefit plan information and personal identifiers to craft convincing social engineering messages, impersonating employers, insurers, or benefits administrators.
Given the inclusion of Social Security numbers and historical enrollment data, the risk extends beyond immediate fraud attempts to long-term identity exploitation.
Users are advised to monitor financial accounts and credit reports closely, enable fraud alerts where possible, and remain cautious of unsolicited communications requesting sensitive information.
This incident underscores the growing risk posed by API vulnerabilities in modern enterprise environments, particularly in sectors handling aggregated personal and healthcare-related data.
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google
The post Navia Confirms Data Breach Exposing Sensitive Data of 2.7 Million Users appeared first on Cyber Security News.
Discover more from RSS Feeds Cloud
Subscribe to get the latest posts sent to your email.