NBSI A.I CyberSecurity Scoring
NBSI
Company Information
Website:https://www.naviabenefits.com/
Employees number:289
Number of followers:9,326
NAICS:541612
Industry Type:Human Resources Services
Homepage:naviabenefits.com
NBSI Risk Score (AI oriented)
Between 600 and 649
NBSIHuman Resources Services
Updated:
24/03/2026
24/03/2026
623/1000
Poor
Caa
NBSI Global Score (TPRM)
xxxx
NBSIHuman Resources Services
Score locked

NBSIPoor
Current Score
623Caa (POOR)
01000
2 incidents
-137 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
633
JUNE 2026
631
MAY 2026
627
APRIL 2026
627
MARCH 2026
623
FEBRUARY 2026
621
JANUARY 2026
619
DECEMBER 2025
753
Breach
22 Dec 2025 • NBSI
HackerOne and Navia Benefit Solutions Inc.: HackerOne Data Breach Exposes SSNs and Health Details
HackerOne Data Breach Traces Back to Third-Party Benefits Provider
616
CRITICAL-137
NAVHAC1774377242
HackerOne Data Breach Traces Back to Third-Party Benefits Provider
HackerOne, a San Francisco-based cybersecurity firm specializing in bug bounty programs, disclosed a data breach affecting 287 U.S.-based employees and dependents. The incident originated from Navia Benefit Solutions Inc., a third-party benefits administrator based in Renton, Washington, rather than HackerOne’s own systems.
The breach was discovered on January 23, 2026, after Navia detected suspicious activity between December 22, 2025, and January 15, 2026. An investigation revealed that a Broken Object Level Authorization (BOLA) vulnerability in Navia’s systems allowed an unauthorized actor to access and exfiltrate sensitive data. The exposed information included Social Security numbers, full names, addresses, dates of birth, email addresses, health plan details, and dependent data.
Navia notified affected companies, including HackerOne, on February 20, 2026, after completing its review. HackerOne confirmed the breach’s legitimacy in a meeting with Navia on March 13, 2026, and began notifying impacted individuals via written notices on March 17, 2026. The breach was formally disclosed to the Maine Attorney General on March 23, 2026, with one Maine resident among those affected.
HackerOne stated it is still awaiting further details from Navia regarding the vulnerability and is evaluating the provider’s security practices. While Navia has found no evidence of data misuse, HackerOne is treating the incident as a potential risk for identity theft, fraud, or financial loss. As a remedial measure, Navia is offering complimentary credit monitoring services through Kroll to affected individuals.
Affected parties can direct inquiries to [email protected] or Navia’s dedicated assistance line, as outlined in individual notifications.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Breach
22 Dec 2025 • NBSI
Navia Benefit Solutions Inc.: Navia Benefit Solutions Data Breach Exposes Sensitive Health Data
Navia Benefit Solutions Discloses Data Breach Exposing PII and PHI
616
CRITICAL-137
NAV1773671790
Navia Benefit Solutions Discloses Data Breach Exposing PII and PHI
Navia Benefit Solutions Inc., a national benefits administrator based in Renton, Washington, recently reported a data breach that compromised sensitive personal and health information. The company detected suspicious activity within its systems on January 23, 2026, prompting an investigation that revealed unauthorized access between December 22, 2025, and January 15, 2026.
The exposed data includes personally identifiable information (PII) such as names, dates of birth, Social Security numbers, phone numbers, and email addresses as well as protected health information (PHI), specifically health plan details. The total number of affected individuals remains undisclosed, and Navia has not specified how the breach occurred.
Navia has begun notifying impacted individuals via mail and posted a notice on its website. While the company has not offered free credit monitoring or identity protection services, it established a dedicated assistance line (844-443-1645) for inquiries, available Monday through Friday from 9:00 a.m. to 6:30 p.m. Eastern Time. Affected individuals may also contact Navia by mail at 707 South Grady Way, Suite 350, Renton, WA 98057.
The breach underscores the risks of medical and financial identity theft, particularly given the exposure of Social Security numbers and health plan data.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
NOVEMBER 2025
753
OCTOBER 2025
753
SEPTEMBER 2025
753
AUGUST 2025
753
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for NBSI ??
What was NBSI's A.I Rankiteo Cyber Score in June 2026 ??
What was NBSI's A.I Rankiteo Cyber Score in May 2026 ??
What was NBSI's A.I Rankiteo Cyber Score in April 2026 ??
What was NBSI's A.I Rankiteo Cyber Score in March 2026 ??
What was NBSI's A.I Rankiteo Cyber Score in February 2026 ??
What was NBSI's A.I Rankiteo Cyber Score in January 2026 ??
What was NBSI's A.I Rankiteo Cyber Score in December 2025 ??
What was NBSI's A.I Rankiteo Cyber Score in November 2025 ??
What was NBSI's A.I Rankiteo Cyber Score in October 2025 ??
What was NBSI's A.I Rankiteo Cyber Score in September 2025 ??
What was NBSI's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on NBSI's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with NBSI ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view NBSI's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?