Sedgwick, one of the world’s largest claims management companies, has been targeted by the TridentLocker ransomware group, with attackers claiming to have exfiltrated sensitive data from systems supporting government services operations.
About Sedgwick
Sedgwick is a leading global provider of technology-enabled risk, benefits, and integrated business solutions, handling:
- Workers’ compensation claims
- Property and casualty claims
- Disability and leave management
- Government services administration
The company processes millions of claims annually for major insurers, corporations, and government entities.
Attack Details
The TridentLocker group claims to have:
- Gained access to Sedgwick’s internal systems
- Exfiltrated data from government services operations
- Obtained sensitive claims and personal information
Potential Impact
Given Sedgwick’s role in claims processing, compromised data could include:
- Personal identifiable information (PII): Names, SSNs, addresses
- Medical information: Injury details, treatment records
- Financial data: Payment information, bank accounts
- Employment records: Salary, job history
- Government program data: Benefits claims, eligibility information
Third-Party Risk
This attack underscores the risk posed by third-party service providers:
- Claims administrators handle sensitive data for multiple organizations
- A single breach can impact thousands of businesses and millions of individuals
- Attackers increasingly target service providers for maximum leverage
Recommendations
For Sedgwick clients:
- Monitor for breach notifications
- Review data sharing agreements
- Assess exposure of shared information
- Prepare incident response plans
For organizations generally:
- Evaluate third-party security posture
- Limit data shared with service providers
- Require breach notification clauses in contracts
- Conduct regular vendor security assessments