{ "id": "7cec9502-9387-4a21-9736-57f4b675b288", "created_at": "2026-04-06T00:07:58.17592Z", "updated_at": "2026-04-10T13:12:23.85429Z", "deleted_at": null, "sha1_hash": "850b2267c64b716040f05b7ea6300beb8d2137d7", "title": "Sedgwick confirms cyber incident affecting its major federal contractor subsidiary", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 34211, "plain_text": "Sedgwick confirms cyber incident affecting its major federal\r\ncontractor subsidiary\r\nBy Jonathan Greig\r\nPublished: 2026-01-02 · Archived: 2026-04-05 14:16:27 UTC\r\nClaims administration company Sedgwick confirmed that its government-focused subsidiary is dealing with a\r\ncybersecurity incident. \r\nOn New Year’s Eve, the TridentLocker ransomware gang claimed it attacked Sedgwick Government Solutions and\r\nstole 3.4 gigabytes of data.\r\nA Sedgwick spokesperson confirmed the company is currently addressing a security incident at the subsidiary,\r\nwhich provides claims and risk management services to federal agencies like the Department of Homeland\r\nSecurity (DHS), Immigration and Customs Enforcement, Customs and Border Protection, Citizenship and\r\nImmigration Services, the Department of Labor, and the Cybersecurity and Infrastructure Security Agency\r\n(CISA).\r\n“Following the detection of the incident, we initiated our incident response protocols and engaged external\r\ncybersecurity experts through outside counsel to assist with our investigation of the affected isolated file transfer\r\nsystem,” the spokesperson said. \r\n“Importantly, Sedgwick Government Solutions is segmented from the rest of our business, and no wider Sedgwick\r\nsystems or data were affected. Further, there is no evidence of access to claims management servers nor any\r\nimpact on Sedgwick Government Solutions ability to continue serving its clients.”\r\nThe company has notified law enforcement and is in contact with its customers about the incident. \r\nCISA and DHS did not respond to requests for comment. The company also provides services to municipal\r\nagencies in all 50 states as well as the Smithsonian Institution and the Port Authority of New York and New\r\nJersey. \r\nTridentLocker is a new ransomware gang that emerged in November, cybersecurity experts said. The group\r\npreviously took credit for an attack on the Belgian postal and package delivery service bpost, which confirmed\r\nthat it recently suffered from a data breach. \r\nThe group has listed a total of 12 victims on its leak site since its emergence. \r\nRansomware gangs have repeatedly targeted federal government contractors like Sedgwick. More than 10 million\r\npeople had information leaked after the prominent government contractor Conduent was attacked one year ago. \r\nGet more insights with the\r\nRecorded Future\r\nhttps://therecord.media/sedgwick-cyber-incident-ransomware\r\nPage 1 of 2\n\nIntelligence Cloud.\r\nLearn more.\r\nSource: https://therecord.media/sedgwick-cyber-incident-ransomware\r\nhttps://therecord.media/sedgwick-cyber-incident-ransomware\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "MISPGALAXY", "Malpedia" ], "origins": [ "web" ], "references": [ "https://therecord.media/sedgwick-cyber-incident-ransomware" ], "report_names": [ "sedgwick-cyber-incident-ransomware" ], "threat_actors": [ { "id": "8fef7364-ecf1-4249-8f24-64629c2beed8", "created_at": "2026-02-07T02:00:03.661958Z", "updated_at": "2026-04-10T02:00:03.959879Z", "deleted_at": null, "main_name": "TridentLocker", "aliases": [], "source_name": "MISPGALAXY:TridentLocker", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434078, "ts_updated_at": 1775826743, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/850b2267c64b716040f05b7ea6300beb8d2137d7.pdf", "text": "https://archive.orkl.eu/850b2267c64b716040f05b7ea6300beb8d2137d7.txt", "img": "https://archive.orkl.eu/850b2267c64b716040f05b7ea6300beb8d2137d7.jpg" } }