"HackerOne claimed the breach stemmed not from its own systems but from Navia Benefit Solutions, a US-based administrator handling employee benefits data."
"Navia detected 'suspicious activity' on January 23 and began investigating, but HackerOne did not receive formal notification until March after delays."
"The exposed data includes Social Security Numbers, full names, addresses, phone numbers, dates of birth, and email addresses, along with health plan participation details."
"HackerOne is proceeding on the assumption that the data could still be abused, advising employees to watch for fraud and consider locking down their credit."
Almost 300 HackerOne employees were impacted by a data breach caused by Navia Benefit Solutions, a third-party benefits provider. A Broken Object Level Authorization flaw allowed unauthorized access to sensitive employee data from December 22, 2025, to January 15, 2026. Navia detected suspicious activity on January 23 but HackerOne did not receive formal notification until March. The breach affected over 2.6 million individuals, with compromised data including Social Security Numbers and personal details. HackerOne is advising employees to monitor for fraud and may reconsider supplier relationships.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]