NOTICE OF DATA SECURITY EVENT
What Happened?
On January 23, 2026, we discovered suspicious activity involving unauthorized access to, and potential acquisition of, personal information. This occurred between December 22, 2025 and January 15, 2026. This included Navia records going back seven years (to 2018), affecting almost 27,000 current and former PEBB members, about 5,600 current and former SEBB members, and almost 3,000 current and former participants in the Compact of Free Association (COFA) Islander program. Impacts may also include some PEBB and SEBB members who never enrolled in a Flexible Spending Arrangement (FSA) or Dependent Care Assistance Program (DCAP) because of eligibility data exchanges that allow members to elect these benefits during the annual open enrollment.
What Information Was Involved?
Accessed personal information included:
- Navia ID numbers
- First and last names
- Social Security numbers (PEBB and SEBB members only)
- Dates of birth
- Physical addresses
Additional data may also include phone numbers, email addresses, enrollment start and end dates, and employee IDs.
The incident involved unauthorized read-only access and potential acquisition of data, which didn’t allow the unauthorized user to create or delete data. We found no evidence of system intrusion, data changes, fund transfers, or access to claims or bank account information.
What We Are Doing
The privacy and security of personal information is among our highest priorities. When the suspicious activity was discovered, we promptly began an investigation into the nature and scope of this incident. We identified and corrected the vulnerability in our system that was used to access the data.
While we have measures in place to protect information, we also hired external forensic specialists to review our policies and procedures related to the storage and access of personal information to help prevent similar events in the future. We notified federal law enforcement, and will notify other U.S. regulatory authorities as required.
For More Information
Affected current and former PEBB and SEBB members and COFA Islander members should get a letter in the coming weeks with more details about the incident, including which of their data elements were impacted. The letter will also include information on how they can protect and monitor their credit.
We have partnered with Kroll to help affected individuals with their questions about the incident and how to enroll in credit monitoring. Please direct all questions about this incident to Kroll’s dedicated assistance line at (844) 443-1645, Monday through Friday from 9 a.m. to 6:30 p.m. Eastern Time.
What You Can Do
We encourage everyone affected to watch for signs of identity theft and fraud by reviewing account statements and monitoring free credit reports for suspicious activity and errors. Under U.S. law, consumers are entitled to one free credit report per year from each of the three major credit reporting bureaus: Equifax, Experian, and TransUnion. To order a free credit report, visit annualcreditreport.com, call toll-free 1 (877) 322-8228, or contact the credit reporting bureaus directly using the information listed below.
| Equifax | Experian | TransUnion |
| equifax.com/personal/credit-report-services | experian.com/help | transunion.com/data-breach-help |
| 1 (888) 298-0045 | 1 (888) 397-3742 | 1 (833) 799-5355 |
| Equifax Fraud Alert, PO Box 105069, Atlanta, GA 30348-5069 | Experian Fraud Alert, PO Box 9554, Allen, TX 75013 | TransUnion Fraud Alert, PO Box 2000, Chester, PA 19016 |
| Equifax Credit Freeze, PO Box 105788, Atlanta, GA 30348-5788 | Experian Credit Freeze, PO Box 9554, Allen, TX 75013 | TransUnion Credit Freeze, PO Box 160, Woodlyn, PA 19094 |