Third-party claims and benefits administrator Sedgwick has confirmed a cyberattack after a ransomware group claimed it hacked Sedgwick Government Solutions.
Sedgwick Government Solutions provides claims and risk management services to US government agencies, including the DHS, CISA, and municipalities across the country.
“Sedgwick is addressing a security incident at one of its subsidiaries, Sedgwick Government Solutions,” a Sedgwick spokesperson said in a statement to SecurityWeek.
The third-party administrator (TPA) initiated incident response protocols immediately after detecting the incident and engaged with cyber experts to investigate it.
The attack, it said, only affected an isolated file transfer system, and not its network or that of its subsidiary.
“Sedgwick Government Solutions is segmented from the rest of our business, and no wider Sedgwick systems or data were affected,” the company’s spokesperson said.
“There is no evidence of access to claims management servers nor any impact on Sedgwick Government Solutions ability to continue serving its clients. We have notified law enforcement and remain in contact with our clients as we conduct our investigation,” Sedgwick’s representative said.
On New Year’s Eve, the TridentLocker ransomware group boasted about stealing roughly 3.4 gigabytes of data from Sedgwick Government Solutions, which it leaked publicly. Sedgwick did not comment on the hackers’ claims.
First spotted in November, TridentLocker engages in double extortion and identifies itself as a data broker. To date, it has listed a dozen victims on its Tor-based leak site, including IQS, LGM Holdings, Noment Inc., and Belgian postal and package delivery service Bpost.
Related: Two US Cybersecurity Pros Plead Guilty Over Ransomware Attacks
Related: Ukrainian Nefilim Ransomware Affiliate Pleads Guilty in US
Related: 700,000 Records Compromised in Askul Ransomware Attack
Related: Ransomware Payments Surpassed $4.5 Billion: US Treasury
