Sedgwick Government Solutions Confirms Ransomware and Data Breach
Sedgwick confirmed a cybersecurity incident at its government-focused subsidiary, Sedgwick Government Solutions (SGS), after the TridentLocker ransomware group claimed responsibility for stealing approximately 3.4 GB of data. The unauthorized access, disclosed just this week, involved an isolated file transfer system used by SGS, which provides claims administration and risk management services to major U.S. federal agencies, including DHS, ICE, CBP, USCIS, DOL, and CISA, as well as numerous state and municipal entities. TridentLocker publicly listed SGS as a victim on December 31, 2025, posting sample files on its dark web leak site as part of a double-extortion ransomware campaign - a tactic that combines data exfiltration with the threat of public disclosure.
Sedgwick stated that it activated formal incident response procedures immediately and notified law enforcement and affected clients. The incident continues to pose reputational risk, regulatory scrutiny, and potential contractual implications, particularly given SGS’s role as a federal contractor handling sensitive government data. The breach also reflects a broader trend: TridentLocker, a ransomware-as-a-service group that emerged in late 2025, has already claimed a dozen victims across government, manufacturing, and professional services sectors.
This incident underscores why federal contractors must unify security data, tooling, and response workflows to defend against modern ransomware operations. Effective protection requires consolidating incident response platforms, autonomous threat detection, behavioral analytics, deception technologies, data exfiltration monitoring, zero trust enforcement, and supply chain risk intelligence into a single operational plane with a system like NIKSUN. In environments aligned with federal expectations such as NIST and CMMC, integrated security operations - not isolated tools - are essential to maintaining trust, mission continuity, and resilience against increasingly aggressive ransomware campaigns. Read more about this story on our LinkedIn page
Sedgwick stated that it activated formal incident response procedures immediately and notified law enforcement and affected clients. The incident continues to pose reputational risk, regulatory scrutiny, and potential contractual implications, particularly given SGS’s role as a federal contractor handling sensitive government data. The breach also reflects a broader trend: TridentLocker, a ransomware-as-a-service group that emerged in late 2025, has already claimed a dozen victims across government, manufacturing, and professional services sectors.
This incident underscores why federal contractors must unify security data, tooling, and response workflows to defend against modern ransomware operations. Effective protection requires consolidating incident response platforms, autonomous threat detection, behavioral analytics, deception technologies, data exfiltration monitoring, zero trust enforcement, and supply chain risk intelligence into a single operational plane with a system like NIKSUN. In environments aligned with federal expectations such as NIST and CMMC, integrated security operations - not isolated tools - are essential to maintaining trust, mission continuity, and resilience against increasingly aggressive ransomware campaigns. Read more about this story on our LinkedIn page