// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-newsDTG 0600Z
ColdRecon / Breach Radar / HackerOne
Breach Record

HackerOne

DISCLOSED 2026-03-25 · SUPPLY CHAIN

HackerOne confirmed that employee data was exposed following a cyberattack on its third-party benefits provider, Navia. The breach originated from the supplier, not HackerOne's own infrastructure. No details on the number of records or specific data types were provided.

The record

What we know

Disclosed
2026-03-25
Attack vector
Supply Chain
Sector
cybersecurity
Domain
hackerone.com
Data classes exposed
employee data
ColdRecon assessment

Could a positive-security control have prevented this?

Verdict · unclear · opinion

The attack targeted a third-party provider, not HackerOne's own systems. A positive-security model on HackerOne's endpoints would not have prevented the breach of data held by Navia.

Our assessments are opinion, grounded in the cited public facts. Read them critically.

Sources

Cited reporting

Similar vector · recent

Other supply chain breaches on file

This page is the permanent ColdRecon entry for the HackerOne disclosure. It updates if new public reporting emerges. All tracked breaches →

HackerOne just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →