Security breach at the P&A Group, an NCFlex vendor

A screenshot of the NC Flex webpageBeginning in mid-May 2026, the P&A Group experienced a significant system infrastructure disruption that impacted their website, online portals, call center, email servers, and claims processing systems. A second incident occurred on June 30th and one that is believed to be more than an infrastructure disruption but rather a security breach, which was swiftly communicated to agencies by the North Carolina Office of State Human Resources. They have issued the following advisory to all NCFlex participants:

"NCFlex benefits provider P&A Group recently experienced a website security breach. Please do not make changes to any accounts through P&A Group, via the web or phone, until further notice. Remember to be cyber smart — always protect your credentials and never give out information to unknown callers or text messages."

What this means for you

If employees are enrolled in any benefits plan administered by the P&A Group, including either a Health Care FSA or Dependent Day Care FSA, please be aware of the following:

  • Do not log into your P&A Group account or make any account changes via the web or phone until further notice. This precaution is in place to protect your personal information while the breach investigation is ongoing.
  • Do not provide any personal information via phone or text to anyone purporting to be from NCFlex or the P&A Group. Based on the limited information shared, we do not recommend any contact with P&A Group under any circumstances as we do not know what level of breach they have or what services are compromised.
  • Your account funds are reported to be secure. P&A Group has stated that their banking partners were not impacted by the disruption. We cannot validate this information, so please be vigilant.
  • Your NCFlex Convenience Card (debit card) remains active and can continue to be used for eligible plan expenses if you have an available balance, but we do not recommend accessing any mobile or web-based applications to check balances, etc.

What you should do now

Given that the P&A Group holds sensitive personal information, including Social Security Numbers, health account data, and banking details, we strongly encourage all affected employees to take the following precautionary steps:

  1. Monitor your financial accounts and credit reports for any unusual activity. You are entitled to a free credit report from each of the three major bureaus at AnnualCreditReport.com.
  2. Be alert to phishing attempts. Do not respond to unsolicited calls, emails, or text messages claiming to be from P&A Group asking for your personal information or login credentials.
  3. Do not click on suspicious links purporting to be from P&A Group until the situation is fully resolved.
  4. Document any failed attempts to access your account or contact P&A Group, in case this information is needed for future claims or legal purposes.

Current status

UNC System Office shared services are actively monitoring the situation and will provide further updates as they become available.

Contact: Angela Mahoney

July 7, 2026

SUBMIT AN ANNOUNCEMENT