1. Forum
  2. tqwNet
  3. TQW GENTECH

  • HackerOne says employees hit by data breach - and Navia hack is t

    From TechnologyDaily@1337:1/100 to All on Wednesday, March 25, 2026 13:30:28
    HackerOne says employees hit by data breach - and Navia hack is to blame

    Date:
    Wed, 25 Mar 2026 13:25:00 +0000

    Description:
    Earlier attack on Navia trickled down to affect HackerOne employees too.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Tech Radar Pro Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news
    and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. You are now subscribed Your newsletter sign-up was successful An account already exists for this email address, please log in. Subscribe to our newsletter HackerOne confirms supply chain breach via Navia benefits provider 287 employees sensitive data exposed, including SSNs, addresses, and health plan details HackerOne criticizes Navias slow response; no evidence of data misuse yet,
    but 2.7 million people affected overall HackerOne has revealed it was the victim of a supply chain attack in which it lost sensitive employee data.

    The company has filed a new report with the Office of the Maine Attorney General, confirming that 287 of its employees lost a combination of: social security number, full name, address, phone number, date of birth, email address, health plan participation (Y/N), non-health plan participation
    (Y/N), plan enrollment dates, effective dates, and termination dates. In a letter sent to affected individuals, HackerOne explained in late December
    2025 and early January 2026, a threat actor managed to leverage a Broken Object Level Authorization (BOLA) vulnerability in Navia, an employee
    benefits solutions provider. Article continues below You may like Major
    health provider data breach may have affected thousands more people - over 700k now thought to have been hit Thousands of employees exposed as Korean
    Air compromised in Oracle breach TriZetto data breach: health tech giant reveals personal info of 3.4 million users may have been affected No claims yet "On January 23, 2026, Navia became aware of suspicious activity in their environment. Navia sent letters dated February 20, 2026, to impacted companies," the letter further reads.

    HackerOne said it only received the letter in March 2026, slamming the
    service provider for its seemingly slow response:

    We are still awaiting additional information about the vulnerability that led to this incident, and a satisfactory reason for the delay in their notification to us, HackerOne said. The company stressed that it will analyze Navias security practices directly and re-evaluate using its services.

    So far, there is no evidence to suggest the stolen data is being abused in
    the wild, HackerOne says. However, it still urges all affected individuals to be careful of incoming emails and other forms of communication, especially those claiming to originate from either HackerOne, or Navia. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get
    all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting
    your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

    Navia handles benefits for more than 10,000 US employers. According to an earlier report by TechRepublic , the Navia breach affected almost 2.7 million people. No threat actor groups have yet claimed responsibility for the
    attack.

    Via BleepingComputer The best antivirus for all budgets Our top picks, based on real-world testing and comparisons

    Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/hackerone-says-employees-hit-by-data-br each-and-navia-hack-is-to-blame


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)