**Sedgwick Discloses Data Breach Following TridentLocker Ransomware Attack**
Sedgwick, a global claims management and risk services provider with operations in over 80 countries and annual revenue of $4–5 billion, confirmed a cybersecurity incident affecting its federal contractor subsidiary, Sedgwick Government Solutions. The breach occurred after the TridentLocker ransomware group claimed to have stolen 3.4GB of data on New Year’s Eve (December 31, 2025).
Sedgwick Government Solutions handles claims and risk management for multiple U.S. federal agencies, including DHS, ICE, CBP, USCIS, DOL, and CISA. The company responded by activating incident response protocols with external cybersecurity experts and emphasized that the affected system—a segmented file transfer platform—was isolated from broader Sedgwick operations. There is no evidence of access to claims management servers or disruption to client services.
Law enforcement has been notified, and impacted customers are being informed. Sedgwick stated that the incident did not affect its wider business systems.
TridentLocker, a ransomware-as-a-service (RaaS) group that emerged in November 2025, employs double-extortion tactics, encrypting systems and threatening to leak stolen data if ransoms go unpaid. The group has targeted sectors including manufacturing, government, IT, and professional services, with victims primarily in North America and Europe, as well as China and the UK. Since its launch on November 11, 2025, the group has listed 12 confirmed victims on its Tor leak site.
Sedgwick TPRM report: https://www.rankiteo.com/company/sedgwick
Sedgwick Government Solutions TPRM report: https://www.rankiteo.com/company/sedgwick
"id": "sedsed1767602047",
"linkid": "sedgwick, sedgwick",
"type": "Ransomware",
"date": "12/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'U.S. federal agencies (DHS, '
'ICE, CBP, USCIS, DOL, CISA)',
'industry': 'Claims management and risk services '
'(Federal contractor)',
'location': 'Global (primarily U.S.)',
'name': 'Sedgwick Government Solutions',
'size': 'Part of a company with 33,000 employees',
'type': 'Subsidiary'}],
'customer_advisories': 'Impacted customers notified',
'data_breach': {'data_exfiltration': True},
'date_detected': '2026-01-01',
'date_publicly_disclosed': '2026-01-05',
'description': 'Sedgwick confirmed a cybersecurity incident affecting its '
'federal contractor subsidiary, Sedgwick Government Solutions, '
'after the TridentLocker ransomware group claimed to have '
'stolen 3.4GB of data on New Year’s Eve. The company handles '
'claims and risk management for U.S. federal agencies, '
'including DHS, ICE, CBP, USCIS, DOL, and CISA.',
'impact': {'data_compromised': '3.4GB of data stolen',
'operational_impact': "No impact on Sedgwick Government Solutions' "
'ability to serve clients',
'systems_affected': 'Isolated file transfer system'},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain (double extortion)',
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransomware_strain': 'TridentLocker'},
'references': [{'date_accessed': '2026-01-05', 'source': 'SecurityAffairs'},
{'date_accessed': '2026-01-05', 'source': 'The Record Media'}],
'response': {'communication_strategy': 'Public disclosure and customer '
'notifications',
'containment_measures': 'Segmentation of Sedgwick Government '
'Solutions from other operations',
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'network_segmentation': True,
'third_party_assistance': 'External cybersecurity experts '
'through outside counsel'},
'threat_actor': 'TridentLocker',
'title': 'Sedgwick discloses data breach after TridentLocker ransomware '
'attack',
'type': 'Ransomware'}