
Sedgwick, a global leader in claims management and risk solutions, has disclosed a ransomware attack on its U.S. federal contractor subsidiary, Sedgwick Government Solutions. The incident, claimed by the emerging TridentLocker group, involved the theft of 3.4 GB of data from an isolated file transfer system.
Attack Timeline and Scope
The breach was detected around December 30, 2025, with TridentLocker announcing the theft on New Year’s Eve via its Tor leak site. Sedgwick Government Solutions supports key U.S. agencies including DHS, ICE, CBP, USCIS, DOL, and CISA, handling claims and risk management. The company stressed that the affected system remains segmented, with no evidence of access to claims servers or disruption to client services.
TridentLocker Ransomware Profile
Launched in late November 2025, TridentLocker operates as a ransomware-as-a-service (RaaS) group using double-extortion—encrypting data and threatening leaks. It has claimed 12 victims across manufacturing, government, IT, and professional services, targeting North America, Europe, China, and the UK. Sedgwick ranks among its high-profile targets given its multi-billion-dollar revenue and 33,000 global employees.
Sedgwick’s Response and Implications
Sedgwick activated incident response protocols immediately, engaging external experts and notifying law enforcement and affected customers. A spokesperson confirmed no broader impact on Sedgwick operations. Cybersecurity professionals should monitor for indicators of compromise (IOCs) from TridentLocker campaigns and prioritize segmentation in federal contractor environments to mitigate similar risks.




A clear, well-structured, and timely analysis. You’ve done an excellent job of balancing technical detail with accessibility—laying out the what, when, who, and why it matters without drifting into speculation or alarmism.
The way you contextualize TridentLocker’s emergence and tactics alongside Sedgwick’s scale and federal role adds real depth, and the emphasis on segmentation and monitoring makes this especially valuable for cybersecurity professionals. Informative, measured, and actionable—this is the kind of reporting that builds trust and understanding in a complex threat landscape.