Sedgwick has confirmed a cybersecurity incident at its government-focused subsidiary after the TridentLocker ransomware gang claimed responsibility for stealing 3.4 gigabytes of data. The breach highlights ongoing risks to federal contractors handling sensitive U.S. agency data.
Claims administration giant Sedgwick acknowledged on January 4, 2026, that Sedgwick Government Solutions (SGS) experienced unauthorized access to an isolated file transfer system.
The subsidiary provides risk management and claims services to key federal clients, including the Department of Homeland Security (DHS), Immigration and Customs Enforcement (ICE), Customs and Border Protection (CBP), U.S. Citizenship and Immigration Services (USCIS), Department of Labor (DOL), and Cybersecurity and Infrastructure Security Agency (CISA). SGS also supports municipal agencies across all 50 states, the Smithsonian Institution, and the Port Authority of New York and New Jersey.
TridentLocker publicly listed SGS as a victim on New Year’s Eve, December 31, 2025, claiming to have exfiltrated 3.39 GB of documents and posting samples on its dark web leak site.
The ransomware-as-a-service (RaaS) group, which emerged in late November 2025, employs double-extortion tactics, encrypting systems and threatening data leaks.
A Sedgwick spokesperson told The Record Media, “Following the detection of the incident, we initiated our incident response protocols and engaged external cybersecurity experts through outside counsel to assist with our investigation of the affected isolated file transfer system.”
The company emphasized segmentation: “Importantly, Sedgwick Government Solutions is segmented from the rest of our business, and no wider Sedgwick systems or data were affected. Further, there is no evidence of access to claims administration servers nor any impact on Sedgwick Government Solutions’ ability to continue serving its clients.”
Sedgwick, which employs over 33,000 people across 80 countries and generates multi-billion-dollar revenue, has notified law enforcement and clients while continuing operations. CISA and DHS did not respond to requests for comment.
TridentLocker has claimed 12 victims since November 2025, spanning manufacturing, government, IT, and professional services, primarily in North America and Europe.
Notable prior targets include the Belgian postal service bpost, which confirmed a breach. The group uses tactics such as data exfiltration over web protocols (MITRE ATT&CK T1071.001) and encryption for impact (T1486).
Federal contractors face repeated ransomware attacks; Conduent’s 2025 attack exposed data on more than 10 million people, while Chemonics suffered a breach targeting USAID work.
Experts urge enhanced segmentation, incident response, and supply chain scrutiny amid rising threats to public sector partners. Sedgwick’s own cyber services arm promotes rapid response, an irony the incident underscores.
