What happened
The TridentLocker ransomware gang claimed it breached Sedgwick Government Solutions on New Year’s Eve and exfiltrated approximately 3.4 GB of data from an isolated file transfer system used by the federal contractor subsidiary. Sedgwick confirmed the incident and activated its incident response protocols, engaging external cybersecurity experts and notifying law enforcement. The subsidiary supports federal agencies including DHS, ICE, CBP, USCIS, DOL, and CISA. The company states that the broader Sedgwick enterprise and core systems remain segmented and unaffected, with no evidence of access to claims management servers.
Who is affected
Sedgwick Government Solutions’ federal clients and partners are directly affected by this security incident, raising concerns about potential exposure of sensitive operational information. Other Sedgwick units claim no impact, though the incident underscores risk for contractors serving high-security government customers.
Why CISOs should care
Ransomware groups are increasingly targeting government contractors due to access to sensitive data and downstream impact. CISOs should prioritize segmentation between business units and ensure rapid response capabilities for third-party breaches that could affect trust and compliance.
3 practical actions
- Review Segmentation Controls: Validate network and system isolation between subsidiaries and core corporate assets.
- Test Incident Response: Exercise breach response plans with key vendors and third parties.
- Enhance Vendor Oversight: Tighten security performance expectations and monitoring for contractors and MSPs.
