好,我现在需要帮用户总结这篇文章的内容,控制在100字以内。首先,我得仔细阅读文章,抓住关键信息。 文章主要讲的是Navia Benefit Solutions公司的数据泄露事件,影响了近270万人。攻击者在2025年12月到2026年1月期间入侵了他们的系统。公司是在1月23日发现可疑活动后展开调查的。 接下来,文章提到泄露的数据包括姓名、出生日期、社安号、电话、邮箱等敏感信息,但没有涉及索赔或财务数据。Navia采取了措施,比如加强安全措施,并为受影响者提供了免费的身份保护服务。 我需要把这些要点浓缩成一段话,不超过100字。确保涵盖事件的时间、影响人数、泄露的数据类型以及公司的应对措施。 最后,检查一下字数是否符合要求,并确保语言简洁明了。 </think> Navia Benefit Solutions数据泄露事件影响近270万人,攻击者于2025年12月至2026年1月入侵系统。泄露数据包括姓名、出生日期、社安号等敏感信息,但未涉及财务或索赔数据。公司已加强安全措施并提供免费身份保护服务。 2026-3-20 19:0:51 Author: securityaffairs.com(查看原文) 阅读量:7 收藏
Navia data breach impacts nearly 2.7 Million people
Navia Benefit Solutions data breach exposed 2.7M people after attackers accessed systems from December 2025 to January 2026.
Navia Benefit Solutions disclosed a data breach affecting 2,697,540 individuals. The company detected suspicious activity on January 23, 2026 and quickly launched an investigation to assess the incident.
Navia Benefit Solutions is a U.S.-based company that provides employee benefits administration services to employers and their staff. Founded in 1989 and headquartered in Washington State, Navia serves thousands of employers across the U.S., offering tools and platforms to help employees manage healthcare and financial benefits more easily.
Attackers accessed its systems from December 22, 2025, to January 15, 2026. The company detected suspicious activity on January 23, revealing that sensitive personal data had been exposed during the intrusion.
Navia’s notification revealed that exposed data could include name, date of birth, Social Security number, phone number, email address, Health Reimbursement Arrangements (HRAs), Flexible Spending Accounts (FSAs), or Consolidated Omnibus Budget Reconciliation Act (COBRA). Additionally, potentially impacted data points are limited to items such as termination date and election date. No claims or financial data were disclosed.
“On January 23, 2026, Navia discovered suspicious activity related to our environment. Navia promptly responded and launched an investigation to confirm the nature and scope of the incident. The investigation determined that an unauthorized actor accessed and acquired certain information between December 22, 2025, and January 15, 2026.” reads the data breach notification. “We conducted a thorough review of the activity to determine which individuals may have been impacted by this event. We are notifying you because that investigation determined certain information related to you was impacted.”
Navia confirmed the breach did not expose claims or financial data, but warned that the leaked information could still enable phishing and social engineering attacks. The company reviewed its security measures, improved policies, and notified federal law enforcement.
The company offers affected individuals 12 months of free identity protection and credit monitoring from Kroll.
“We encourage you to remain vigilant against incidents of identity theft and fraud and to review your account statements and credit reports for suspicious activity and to detect errors.” concludes the notification. “You can review the enclosed Steps You Can Take To Help Protect Personal Information to learn helpful tips on steps you can take to protect against possible information misuse, should you feel it appropriate to do so.”
At the time of writing, no ransomware group has claimed responsibility for the security breach.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)
如有侵权请联系:admin#unsafe.sh