Navient Discloses Material Cybersecurity Incident at Third-Party Law Firm, Sensitive Customer Data Exposed
NAVI sits 17% above its 52-week low of $7.33.
Summary
Navient disclosed a material cybersecurity incident at a third-party law firm, resulting in unauthorized access to sensitive borrower data, including Social Security numbers.
Key Events · Legal and Risk Events · NAVI
-
Material Cybersecurity Incident
Navient became aware on June 8, 2026, of a ransomware attack affecting a third-party law firm that provides services to the company.
-
Sensitive Customer Data Exposed
The incident resulted in unauthorized access to borrower information, including customer names, dates of birth, addresses, and Social Security numbers.
-
No Direct Impact on Company Systems
The breach was limited to the third-party's environment, with no evidence of unauthorized access to Navient's own systems or disruption to its operations.
-
Regulatory and Individual Notifications Underway
The company is notifying affected individuals and regulators as required by law, and law enforcement has been informed.
Analysis · NAVI · Finance
Navient reported a material cybersecurity incident involving a ransomware attack on a third-party law firm that handles company data. The breach exposed sensitive borrower information, including names, dates of birth, addresses, and Social Security numbers. While the incident did not affect Navient's own systems or operations, the exposure of such sensitive data creates potential for reputational damage, regulatory fines, and legal liabilities, despite the company's current assessment of no material financial impact.
At the time of this filing, NAVI was trading at $8.61 on NASDAQ in the Finance sector, with a market capitalization of approximately $809.2M. The 52-week trading range was $7.33 to $16.07. This filing was assessed with negative market sentiment and an importance score of 7 out of 10.