San Jose officials notified current and former city employees that a USB drive was lost on Jan. 9 and may have contained sensitive employee data, including Social Security numbers; the city has not disclosed how many individuals were affected. Separately, Conduent Business Services reported a large-scale compromise in which attackers allegedly accessed its network from Oct. 21, 2024 to Jan. 13, 2025 and exfiltrated files containing personal and medical data; multiple state-level notices and alerts cited impacts ranging from 10.5 million individuals (Oregon DOJ alert) to 4 million residents (Texas), with Conduent stating it has not seen evidence of misuse or public posting to date.
In another incident, Managed Care Advisors / Sedgwick Government Solutions disclosed a ransomware event affecting a corporate SFTP server that stored PII/PHI; the company said the intrusion began Nov. 16, 2025 via exploitation of a vulnerability in the SFTP application, was detected Dec. 4, 2025, and resulted in encryption of files on that server only. Sedgwick reported it disabled SFTP connections, restored data from backups the next day, and engaged Mandiant for forensic support, stating the investigation found no compromise beyond the single server.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
8 events from the most recent confirmed update back to the earliest known activity.
By February 2026, San Jose had sent letters to potentially affected individuals about the lost USB drive, including current employees and former employees who had left years earlier. Officials did not disclose how many people may have been impacted.
On February 18, 2026, reporting disclosed the ransomware incident affecting Managed Care Advisors and Sedgwick Government Solutions, including unauthorized access to personal data and protected health information. Sedgwick also said it was offering complimentary credit monitoring, identity theft protection, and identity theft insurance to affected individuals.
On January 15, 2026, Sedgwick confirmed that the affected data included names, addresses, Social Security numbers, dates of birth, and protected health information, with the exact data elements varying by individual. This clarified the scope of information exposed in the ransomware incident.
On January 9, 2026, a City of San Jose workforce member lost a USB drive that may have contained private information, including Social Security numbers, for current and former city employees. The city later described the incident as a potential data breach.
On January 2, 2026, a threat group calling itself TridentLocker claimed responsibility for the Sedgwick incident. The group posted about 3.4 GB of allegedly stolen data on a dark web leak site.
The day after detection, Sedgwick restored the encrypted data on the affected SFTP server from a secure backup. The company reported no evidence that any other systems in its environment were compromised.
On December 4, 2025, Sedgwick detected unauthorized access and ransomware activity affecting its corporate SFTP server. The company disabled all connections to the server and engaged Mandiant to support the forensic investigation.
Managed Care Advisors and Sedgwick Government Solutions later determined that attackers first gained access to a corporate SFTP server on November 16, 2025 by exploiting a vulnerability in the SFTP application. The intrusion was found to be limited to that single server.
3 references tracked. Mallory keeps watching after this page renders.
databreaches.net
Open sourcegovtech.com
Open sourcehipaajournal.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.