TheRegister's platform is a leading technology news website, offering insights into IT industry news, hardware reviews, and software updates. Through articles, analysis, and opinion pieces, TheRegister offers insights into cybersecurity threats, technology trends, and industry developments. Readers can stay updated with the latest news and analysis from the world of technology and IT business.

The Register

Nearly 300 HackerOne employees had sensitive personal data exposed after a Broken Object Level Authorization (BOLA) vulnerability was exploited in Navia Benefit Solutions, a third-party employee benefits administrator. The breach occurred between December 22, 2025 and January 15, 2026, but HackerOne didn't receive formal notification until March — weeks after Navia detected suspicious activity in late January. HackerOne publicly criticized Navia for the delayed disclosure and is reviewing whether to switch benefits providers. The broader Navia breach affected over 2.6 million people. Compromised data includes Social Security Numbers, health plan details, and personal identifiers — prime identity theft material.

HackerOne slams supplier over delayed breach notice