Sedgwick confirmed that a cyber incident recently affected its federal contractor subsidiary after the TridentLocker group claimed to have stolen several gigabytes of data. The company is currently investigating the breach and notifying relevant law enforcement and clients while maintaining that the rest of its global operations remain secure.
Sedgwick is a major global provider of claims management and risk services that operates in dozens of countries with tens of thousands of employees. As a multi-billion dollar entity, the company manages critical infrastructure and insurance solutions for a wide range of organizations. The recent breach targeted Sedgwick Government Solutions, a specific unit that handles specialized work for several United States federal agencies.
The incident came to light after the TridentLocker ransomware group publicly claimed to have exfiltrated roughly 3.4 gigabytes of data on the final day of 2025. This subsidiary is responsible for managing claims for high-profile departments such as Homeland Security, Customs and Border Protection, and the Cybersecurity and Infrastructure Security Agency. In response to the breach, Sedgwick immediately launched its internal defense protocols and hired third-party experts to determine exactly what information was compromised.
A spokesperson for the company clarified that the attack was limited to an isolated file transfer system rather than the broader corporate network. They emphasized that the government-focused subsidiary is technically segmented from the rest of the business, which prevented the intrusion from spreading to other global systems. The company stated that there has been no evidence of unauthorized access to their primary claims management servers or any disruption to their daily operations.
Sedgwick has already begun the process of informing the specific customers who may have been impacted by the data theft. While the investigation continues, the firm remains confident that their ability to serve their government clients has not been hindered. This proactive communication is part of their standard response to ensure transparency with the federal agencies that rely on their administrative services.
The group responsible for the attack, TridentLocker, is a relatively new ransomware-as-a-service operation that first appeared in late 2025. This criminal organization typically employs double-extortion methods, meaning they both lock up files and threaten to leak sensitive data if a ransom is not paid. They have recently targeted various sectors including manufacturing and information technology across North America, Europe, and Asia.
Source: Sedgwick Discloses Data Breach After TridentLocker Ransomware Attack