On New Year’s Eve 2025/2026, the TridentLocker ransomware-as-a-service (RaaS) group claimed an attack on Sedgwick Government Solutions, a subsidiary of Sedgwick that provides claims and risk management services to federal agencies including DHS, ICE, CBP, USCIS, Department of Labor, and CISA. The group claimed to have stolen 3.4 GB of data. Sedgwick confirmed the incident involved an isolated file transfer system and stated no broader Sedgwick operations or data were impacted due to network segmentation. TridentLocker emerged in late November 2025 and uses standard double-extortion tactics.