Sedgwick discloses data breach after TridentLocker ransomware attack

AndyC 5 January 2026

Sedgwick discloses data breach after TridentLocker ransomware attack

Sedgwick discloses data breach after TridentLocker ransomware attack

Sedgwick discloses data breach after TridentLocker ransomware attack

Sedgwick discloses data breach after TridentLocker ransomware attack

Pierluigi Paganini
January 05, 2026

Sedgwick confirmed a cyber incident at its federal contractor unit after TridentLocker claimed to steal 3.4GB of data.

Sedgwick is a leading global claims management and risk services provider operating in the insurance and risk solutions sector. It employs roughly 33,000 people worldwide, across more than 80 countries.

Estimated annual revenue is in the multi-billion dollar range: sources suggest around $4–5 billion per year.

Sedgwick confirmed a cybersecurity incident affecting its federal contractor subsidiary, Sedgwick Government Solutions, after the TridentLocker ransomware group claimed to have stolen 3.4GB of data on New Year’s Eve.

The company handles claims and risk management for U.S. federal agencies, including DHS, ICE, CBP, USCIS, DOL, and CISA.

Sedgwick responded to the incident by immediately activating its incident response protocols with the support of external cybersecurity experts. The company is investigating the scope of the incident. The company emphasized that Sedgwick Government Solutions is segmented from other Sedgwick operations, ensuring that no broader systems or data were impacted.

“Following the detection of the incident, we initiated our incident response protocols and engaged external cybersecurity experts through outside counsel to assist with our investigation of the affected isolated file transfer system,” a company spokesperson told The Record Media. “Importantly, Sedgwick Government Solutions is segmented from the rest of our business, and no wider Sedgwick systems or data were affected. Further, there is no evidence of access to claims management servers nor any impact on Sedgwick Government Solutions ability to continue serving its clients.”

The company notified law enforcement and is notifying impacted customers. Additionally, Sedgwick added that there is no evidence of access to claims management servers, and the subsidiary’s ability to continue serving clients remains unaffected.

TridentLocker is a ransomware-as-a-service (RaaS) operation that emerged in late November 2025. The group uses standard double-extortion tactics: encrypting systems and threatening to release exfiltrated data if ransoms aren’t paid. It focuses on diverse sectors including manufacturing, government, IT, and professional services, primarily targeting North America and Europe, but also China and the UK.

The Tor leak site lists 12 confirmed victims since the beginning of the operation on November 11, 2025.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , , , , , , , , , , , ,

More Stories

Google fixes critical Dolby Decoder bug in Android January update

Google fixes critical Dolby Decoder bug in Android January update

AndyC 7 January 2026
Is GenAI Leaving Two-Thirds of Security Teams Behind?

Resecurity Went on the Cyber Offensive – When ‘Shiny Objects’ trick ‘Shiny Hunters’

AndyC 7 January 2026
Report: Increase Usage of Generative AI Services Creates Cybersecurity Challenge

Coinbase insider who sold customer data to criminals arrested in India

AndyC 7 January 2026
Russia-linked APT UAC-0184 uses Viber to spy on Ukrainian military in 2025

Russia-linked APT UAC-0184 uses Viber to spy on Ukrainian military in 2025

AndyC 6 January 2026
How can Agentic AI enhance cloud security?

10 Tough AI Questions for the 2026 Public-Sector CIO

AndyC 6 January 2026
Kimwolf botnet leverages residential proxies to hijack 2M+ Android devices

Kimwolf botnet leverages residential proxies to hijack 2M+ Android devices

AndyC 6 January 2026

You may have missed

CISO Masterclass: Navigating Today’s Cyber Landscape with Ahmed Nabil Mahmoud

The AI Exchange: Innovators in Payment Security Featuring Jscrambler

AndyC 7 January 2026
Google fixes critical Dolby Decoder bug in Android January update

Google fixes critical Dolby Decoder bug in Android January update

AndyC 7 January 2026
Is GenAI Leaving Two-Thirds of Security Teams Behind?

Resecurity Went on the Cyber Offensive – When ‘Shiny Objects’ trick ‘Shiny Hunters’

AndyC 7 January 2026
How can Agentic AI enhance cloud security?

As Ransomware Attacks Surge, Healthcare Must Look Beyond Compliance to Establish a Cyber Risk Mindset

AndyC 7 January 2026
Is it time for Apple to introduce 5G Macs?

NDSS 2025 – Exploiting the Complexity Of Modern CSS For Email And Browser Fingerprinting

AndyC 7 January 2026

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.