## Government Contractor Subsidiary Breach Confirmed by Sedgwick Amid TridentLocker Ransomware Claims

Wednesday, January 7, 2026

Major Breach at Federal Services Arm

Sedgwick—a giant in claims and risk management—just admitted its subsidiary Sedgwick Government Solutions got hit by hackers. You know, the group that handles services for U.S. federal agencies? The breach surfaces after the TridentLocker ransomware gang bragged about stealing gigabytes of sensitive government docs.

Here’s relief: Sedgwick says its main corporate network wasn’t touched thanks to segmentation. But don’t breathe easy yet. This subsidiary deals with big-name agencies like CISA and Homeland Security. That’s a serious worry.

Scale and Significance of Operations

Get this: Sedgwick employs over 33,000 people globally and works with 59% of Fortune 500 companies. Their federal arm? It supports 20+ U.S. agencies. We’re talking high-impact partners:

  • U.S. Citizenship and Immigration Services (USCIS)
  • Department of Commerce
  • U.S. Coast Guard (yup, listed twice—dual roles)
  • Department of Labor
  • Customs and Border Protection (CBP)

Why’s this terrifying? Government contractors like this manage tons of sensitive citizen data. Benefit claims, operational records—all supposed to be locked down tight.

Incident Response Framework Activated

A Sedgwick spokesperson told BleepingComputer they immediately called in cybersecurity experts through their lawyers. Law enforcement’s looped in too, though they’re not pinning blame yet.

Here’s their quote: "We’re handling a security incident at Sedgwick Government Solutions. Good news—it’s segmented from our main operations, so no wider systems or data were touched. And honestly? No signs they reached claims servers or disrupted client services."

That isolation strategy? Standard for contractors handling government data. File-transfer systems sit separate for exactly this reason—to contain breaches.

TridentLocker’s Intrusion Pattern

Sedgwick won’t confirm TridentLocker’s involvement, but clues add up. The group dumped samples of hacked docs—3.39 GB worth—on their darknet site. Screenshots verified by BleepingComputer show U.S. government project files.

TridentLocker’s been active since November. Their playbook? Steal data first, then encrypt systems. That way, even if victims recover files, they’ve still got leaked docs hanging over them. Scary, right? Right now, a dozen targets sit on their leak portal—big international names included.

Parallel Victim: Belgian Postal Service

The plot thickens with Belgium’s postal service, Bpost. Same attacker, same method. TridentLocker hit them December 3rd. Somehow Bpost kept services running despite stolen data, but it’s a pattern.

This group clearly targets giants in critical infrastructure—especially government contractors. Decentralized networks? Massive data troves? They’re like neon signs for hackers.

Systemic Vulnerabilities Highlighted

This breach exposes a weak spot: government subcontractors. Unlike federal systems, their networks often dodge strict oversight. So citizens' data ends up exposed through third parties. Segmentation helps, but phishing? Employee hacking? Still major threats.

Industry watchers call it a trend: ransomware gangs going after "indirect" government partners flying under cybersecurity radars. Those file-transfer systems? They’re prime targets everywhere now.

Ongoing Mitigation

Sedgwick’s cooperating with law enforcement and tightening security. Agencies like DHS and CISA launched audits—though they’re staying quiet on fixes for now.

Clients might relax hearing services weren’t disrupted. But honestly? If TridentLocker leaks those docs, the fallout could be brutal—privacy lawsuits, contract penalties. You heard their spokesperson: "We’re keeping clients updated." Translation: They know agencies could face heat too.

Bottom line? As government work flows through private partners, attackers get more doors to kick in. Agencies now have to guard not just themselves—but their whole vendor ecosystem.


Got thoughts on how contractors should tighten up? Or seen similar breach patterns? Let’s discuss.
