Sedgwick confirms a cyber breach at its government contractor subsidiary after unauthorized access to a file transfer system and possible data exfiltration.

Continue reading
Sedgwick has confirmed a cybersecurity breach impacting Sedgwick Government Solutions, a subsidiary that provides claims administration and risk management services to multiple U.S. federal agencies.
The company disclosed that the incident involved unauthorized access to a file transfer application used by the subsidiary. Upon detection, Sedgwick says it immediately activated its incident response protocols, engaged external cybersecurity experts, and notified law enforcement authorities.
According to Sedgwick’s statement:
While the company has characterized the breach as isolated, it has acknowledged that data may have been accessed or exfiltrated during the incident.
A ransomware operation known as TridentLocker has publicly claimed responsibility for the breach. The group alleges it exfiltrated approximately 3.4 GB of data, which it has begun publishing on its leak site.
Sedgwick has not independently confirmed the authenticity of the leaked data. However, the timing of the claim aligns with the company’s disclosure, and TridentLocker has been linked to multiple confirmed extortion-driven intrusions since late 2025.
Sedgwick Government Solutions works with a range of high-value U.S. government entities, including agencies tied to homeland security, immigration services, and federal workforce administration.
Even when attackers gain access to a “non-core” system, the exposure can be meaningful:
This incident reinforces a growing reality in cyber risk: supply-chain adjacencies are now prime attack surfaces.
The Sedgwick incident reflects a recurring trend seen across large enterprises and government contractors:
While segmentation helped limit operational impact here, containment does not automatically equate to low risk, especially when sensitive government-linked data is involved.

148 malicious npm packages masquerading as student proxy and school Wi-Fi bypass tools. Rather than compromising developers during installation