05/69 Tuesday, January 6, 2026
Sedgwick, a global provider of claims management and risk administration services, has disclosed a cybersecurity incident affecting one of its U.S. government contracting units, Sedgwick Government Solutions, after the TridentLocker ransomware group claimed it had accessed and exfiltrated approximately 3.4 GB of data. The incident was publicly disclosed around New Year’s Eve. Sedgwick operates in more than 80 countries and provides services to multiple U.S. government agencies, including DHS, ICE, CBP, USCIS, DOL, and CISA.
Sedgwick stated that upon detecting the incident, the company immediately activated its cyber incident response plan and engaged external cybersecurity experts to support the investigation. The company emphasized that Sedgwick Government Solutions operates within a segmented environment, which helped prevent the incident from impacting other business units or systems across the organization. According to Sedgwick, there is no evidence that systems used to manage claims were accessed, and the incident did not affect the company’s ability to provide services to its clients.
TridentLocker is a Ransomware-as-a-Service (RaaS) group that began operating in late November 2025 and is known for using a double extortion strategy—encrypting victim data while simultaneously threatening to leak stolen information if a ransom is not paid. The group targets organizations across multiple sectors, including government, manufacturing, and information technology, with a primary focus on North America and Europe. Sedgwick confirmed that it has notified relevant law enforcement authorities and is in the process of informing potentially affected customers.
