Feb 16, 2026
Ransomware Group Breached a Federal Contractor Holding DHS, ICE, and World Trade Center Health Data
TridentLocker, a ransomware gang that emerged just weeks earlier, breached Sedgwick Government Solutions and leaked 3.4 gigabytes of data including Social Security numbers and medical records from the World Trade Center Health Program.
What Happened
On November 16, 2025, hackers gained unauthorized access to a Secure File Transfer Protocol (SFTP) server belonging to Managed Care Advisors, operating as Sedgwick Government Solutions. The company did not discover the breach until December 4, when it found that files on the server had been encrypted.
On New Year's Eve, a ransomware group calling itself TridentLocker claimed responsibility and published approximately 3.4 gigabytes of stolen data online. Sedgwick Government Solutions began notifying affected individuals on February 11, 2026, nearly three months after the breach occurred.
Who Is Sedgwick Government Solutions
Sedgwick Government Solutions, formerly known as Managed Care Advisors, is a federal government contractor that handles claims administration and risk management for some of the most sensitive agencies in the United States government.
Its client list includes the Department of Homeland Security, Immigration and Customs Enforcement, Customs and Border Protection, U.S. Citizenship and Immigration Services, the Department of Labor, and the Cybersecurity and Infrastructure Security Agency. The company also manages the Nationwide Provider Network for the World Trade Center Health Program, which provides medical monitoring and treatment for 9/11 first responders and survivors.
It also serves municipal agencies across all 50 states, the Smithsonian Institution, and the Port Authority of New York and New Jersey.
What Data Was Exposed
The compromised files included some of the most sensitive categories of personal information:
- Full names and home addresses
- Full or partial Social Security numbers
- Medical record images
- Completed World Trade Center Health Program forms
The World Trade Center Health Program forms are particularly sensitive. They contain detailed medical histories, treatment records, and exposure information for individuals who were present at Ground Zero or involved in rescue and recovery operations after the September 11 attacks.
Who Is TridentLocker
TridentLocker is a newly emerged ransomware gang that first appeared in November 2025. By the time it claimed the Sedgwick breach, it had listed only 12 total victims, including the Belgian postal service bpost.
New ransomware groups appear regularly, often using the same tools and techniques as established operations. Some are rebrands of previous groups seeking to shed unwanted attention. Regardless of whether TridentLocker is new or recycled, the damage is the same: sensitive federal data is now public.
The Federal Contractor Problem
This breach highlights a persistent vulnerability in government cybersecurity: the supply chain. Federal agencies implement security controls for their own systems, but they routinely share sensitive data with private contractors whose security standards may be lower.
Sedgwick stated that no wider company systems or claims management servers were affected, and the breach was limited to one isolated SFTP server. But that single server contained Social Security numbers and medical records for people enrolled in a program for 9/11 first responders.
The irony is hard to miss: CISA, the agency responsible for defending U.S. critical infrastructure from cyberattacks, is itself a client of the breached contractor.
What Affected Individuals Should Do
If you receive a breach notification from Managed Care Advisors or Sedgwick Government Solutions, take these steps immediately:
- Place a fraud alert or credit freeze with all three major credit bureaus (Equifax, Experian, TransUnion).
- Monitor your credit reports for any unfamiliar accounts or inquiries.
- Be on alert for phishing emails that reference the breach, your medical information, or government benefits. Criminals often use stolen data to craft convincing follow-up scams.
- If you are enrolled in the World Trade Center Health Program, contact the program directly to verify any communications you receive.
Attorneys are investigating potential class action litigation for affected individuals.