
Cyber Incident Victim: Sedgwick Government Solutions

Date: Dec 2025

Location: United States of America

Summary

Sedgwick Government Solutions confirmed a cyberattack after the TridentLocker ransomware group claimed to have stolen data from its isolated file transfer system. The subsidiary said the breach was limited to that system, with no access to its broader network or claims management servers, and that it initiated incident response protocols, engaged cyber experts, and notified law enforcement. TridentLocker, which describes itself as a data broker and engages in double extortion, leaked approximately 3.4 gigabytes of data publicly. The company emphasized that there is no evidence of impact on its ability to serve clients and that it remains in contact with affected agencies while the investigation continues.


Description

Sedgwick confirmed a cyberattack affecting its subsidiary Sedgwick Government Solutions after detecting a security incident. The company initiated incident response protocols immediately upon detection and engaged cyber experts to investigate the incident. A Sedgwick spokesperson stated that the company was addressing a security incident at Sedgwick Government Solutions. According to the spokesperson, the attack affected only an isolated file transfer system and did not impact the subsidiary’s network or the broader Sedgwick network. Sedgwick Government Solutions is segmented from the rest of Sedgwick’s business, and no wider Sedgwick systems or data were affected. The spokesperson said there is no evidence of access to claims management servers nor any impact on the subsidiary’s ability to continue serving its clients. Sedgwick notified law enforcement and remained in contact with its clients while conducting the investigation. The incident response included ongoing communication with affected government agencies that rely on the subsidiary’s claims and risk management services.


On New Year’s Eve, the ransomware group TridentLocker claimed to have stolen roughly 3.4 gigabytes of data from Sedgwick Government Solutions and leaked the data publicly. Sedgwick did not comment on the hackers’ claims regarding the data theft. TridentLocker was first spotted in November and engages in double extortion tactics while identifying itself as a data broker. The group maintains a Tor‑based leak site where it has listed a dozen victims, including IQS, LGM Holdings, Noment Inc., and the Belgian postal and package delivery service Bpost. The leaked data from Sedgwick Government Solutions was presented as part of TridentLocker’s public extortion effort.

Sedgwick Government Solutions provides claims and risk management services to US government agencies, including the Department of Homeland Security, the Cybersecurity and Infrastructure Security Agency, and municipalities across the country. The spokesperson stated that the attack only affected an isolated file transfer system and did not impact the network of Sedgwick Government Solutions or the wider Sedgwick business. Sedgwick’s representative said there is no evidence of access to claims management servers nor any impact on the subsidiary’s ability to continue serving its clients. The company notified law enforcement and remained in contact with clients while conducting the investigation with the assistance of cyber experts. No further details about the specific content of the leaked data were provided by Sedgwick in its public statements.
