SECURITY
Claims and risk services administration company Sedgwick Claims Management Services Inc. has confirmed that a cyberattack impacted one of its subsidiaries late last year after the TridentLocker ransomware group claimed to have stolen sensitive data from the company.
The cyberattack occurred on Dec. 30 and involved Sedgwick Government Solutions Inc., a subsidiary that provides technology-enabled claims and risk administration services to U.S. federal agencies.
Sedgwick ticked off the standard response list in an attack like this: isolating systems, employing third-party cybersecurity experts to help with the investigation and informing law enforcement and stakeholders.
The company said the initial investigations had determined the attack was limited to an isolated file transfer system used by the subsidiary. It added that there is no evidence that its broader corporate network or its claims management platforms were affected.
The targeted subsidiary, Sedgwick Government Solutions, notably works with multiple U.S. federal agencies, including the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency. Sedgwick has begun notifying potentially impacted parties as part of its ongoing investigation, a process that could take weeks as forensic analysis continues.
The confirmation comes after the TridentLocker ransomware group claimed to have stolen about 3.4 gigabytes of data and threatened to publish the information if its demands were not met.
TridentLocker is a ransomware operation whose data extortion model focuses on data theft and public disclosure threats rather than encrypting files.
“TridentLocker hitting a federal contractor serving DHS, ICE, CBP and CISA on New Year’s Eve is a statement,” Michael Bell, founder and chief executive of cybersecurity solutions provider Suzu Labs, told SiliconANGLE via email. “This group only emerged in November and they’re already going after companies that handle sensitive government claims and risk management data. Federal contractors remain high-value targets because attackers know these companies often have less mature security programs than the agencies they serve.”
He added that Sedgwick’s response about network segmentation “is what you want to hear, but 3.4 gigabytes from a file transfer system is still meaningful. These systems are designed to move documents between contractors and the agencies they serve and the investigation will determine what was actually in those files.”