Sedgwick Confirms Cyber Incident at Federal Contractor Unit After Ransomware Claim

  • Sedgwick — a major claims administration and risk management company — has confirmed a cybersecurity incident at its government-focused subsidiary, Sedgwick Government Solutions, which works with multiple U.S. federal agencies including DHS, ICE, CBP, USCIS, DOL and CISA.
  • The TridentLocker ransomware group claimed it attacked the subsidiary around New Year’s Eve, asserting it stole roughly 3.4 GB of internal data.

Company response

  • Sedgwick says it detected the incident, activated response protocols, and engaged external cybersecurity specialists.
  • The affected environment is reportedly an isolated file transfer system used by the government solutions unit.
  • Sedgwick emphasized that its broader corporate systems remain segmented and unaffected, with no confirmed access to core claims management servers and no impact on service continuity so far.
  • Law enforcement has been notified and clients are being informed.

About the threat actor

  • TridentLocker is a relatively new ransomware/extortion group that began operations late in 2025; this attack on Sedgwick Government Solutions adds to a growing list of victims on its public leak site.

Risks and wider context

  • Independent reporting indicates the attack resulted in significant data exposure that could include internal and operational records tied to federal programs.
  • As with other breaches targeting government service providers, even if core agency systems weren’t directly compromised, the stolen data and the context it provides can increase the risk of secondary phishing, social engineering, or intelligence-gathering efforts against contractors and personnel.