Sedgwick Subsidiary Breach Exposes Government Contractor Data

Summary
– Sedgwick confirmed a security breach at its federal contractor subsidiary, Sedgwick Government Solutions, while stating the parent company’s network was not affected.
– The subsidiary serves numerous U.S. government agencies, including CISA, DHS, and the Department of Commerce.
– The company has engaged external cybersecurity experts and notified law enforcement, with no evidence of impact on claims management servers or client service.
– The TridentLocker ransomware group claimed responsibility for the attack and has published some of the allegedly stolen 3.39 GB of documents.
– The TridentLocker ransomware group, which also recently breached Belgium’s postal service Bpost, lists about a dozen victims on its leak site.

A significant data breach has impacted Sedgwick Government Solutions, a subsidiary of the global claims administration firm Sedgwick, exposing sensitive information tied to numerous federal agencies. The parent company confirmed the security incident, emphasizing that its core corporate network remains unaffected due to segmentation. The compromised subsidiary provides critical services to over twenty government clients, including high-profile entities like the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Homeland Security (DHS), and U.S. Customs and Border Protection (CBP). An investigation is underway with the assistance of external cybersecurity experts and law enforcement has been notified.
According to a company spokesperson, the breach was isolated to a specific file transfer system within the subsidiary. They stated that there is no evidence the attackers accessed primary claims management servers and affirmed that client service operations continue without interruption. The statement also confirmed that the wider Sedgwick business, which employs over 33,000 people and serves a vast portfolio including most Fortune 500 companies, was not compromised.
The incident has been claimed by the TridentLocker ransomware group, which publicly listed Sedgwick Government Solutions on its data leak site. The cybercriminals allege they exfiltrated approximately 3.39 gigabytes of documents and have begun publishing samples of the stolen data. While Sedgwick has not officially attributed the attack to a specific threat actor, its acknowledgment aligns with the ransomware group’s claims.
TridentLocker is a relatively new but active ransomware operation, first appearing in November. Its leak site lists about a dozen victims, including major organizations like Bpost, the Belgian national postal service. Bpost confirmed a network intrusion in early December but reported that its operations were not disrupted by the ransomware attack. The targeting of a key government contractor highlights the ongoing risk to critical supply chains and the sensitive data held by service providers. Sedgwick maintains it is following its incident response plan and keeping its government clients informed as the forensic investigation progresses.
(Source: Bleeping Computer)