U.S. federal contractor Sedgwick suffers ransomware attack during the Spring Festival holiday... 3.4GB of confidential data leaked

Sedgwick, a subsidiary that provides risk management services to U.S. federal government agencies, officially acknowledged a cyberattack recently. The attack occurred on December 30 of last year, after the TridentLocker ransomware group claimed to have stolen confidential data.

Sedgwick explained that the affected business unit was “Sedgwick Government Solutions”, which works with major federal agencies such as the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA). The company added that it implemented its standard response procedures immediately after the incident, including shutting down systems, engaging external cybersecurity experts, and notifying relevant authorities.

The company emphasized that, so far, investigations show that the intrusion was limited to the subsidiary’s file transfer system, with no signs of spreading to the headquarters network or the entire claims platform. However, the specific nature of the stolen files remains unclear, and digital forensic results in the coming weeks may increase the number of affected clients and organizations.

The TridentLocker group, which led this attack, is a relatively new ransomware organization first observed in November 2025. The group has gained attention for its “data hijacking” approach: rather than relying on traditional file encryption, it primarily steals critical data and threatens to make it public.

Michael Bell, CEO of cybersecurity firm Suzu Labs, commented, “Targeting contractors handling claims data for DHS, ICE, CBP, CISA, and other agencies on the last day of the New Year’s holiday is symbolic.” He analyzed, “The security systems of these federal contractors are usually weaker than those of the agencies themselves, making them highly attractive targets for hackers.”

He further warned, “Although Sedgwick’s self-defined ‘network isolation’ measures seem appropriate, the fact that only 3.4GB of data was leaked indicates that the threat should not be underestimated. Even a single file in government-related systems can cause a fatal impact on the entire business chain.”

This incident once again confirms that the security gap between federal agencies and private contractors is becoming a new point of entry for cyberattacks. Given the current security shortcomings, policymakers and industry experts are increasingly calling for a comprehensive reassessment of cross-industry security strategies to resist the next wave of attacks.
