Ransomware victim disclosure
← All victimsKewadin Casinos
listed as saulttribe.com/kewadin.com · Claimed by RansomHub · listed 1 year ago
Status timeline
- ListedFeb 15, 2025
- Data leakeddate unknown
At a glance
- Group
- RansomHub
- Status
- Data leaked
- Country
- United States
- Sector
- Hospitality and Tourism
- Listed on leak site
- Feb 15, 2025
About the victim
AI dossier — public-source company profileKewadin Casinos is a five-property casino operator in Michigan's Upper Peninsula owned by the Sault Tribe of Chippewa Indians. The facilities offer slot machines, table games, poker, bingo, and keno, along with hotels, RV parks, restaurants, bars, and entertainment venues across locations in Sault Ste. Marie, St. Ignace, Manistique, Christmas, and Hessel.
- Industry
- Gaming & Hospitality
- Address
- Multiple locations in Michigan's Upper Peninsula (Sault Ste. Marie, St. Ignace, Manistique, Christmas, Hessel)
Attack summary
Severity: medium — Data exfiltration claimed but no proof files advertised and no specific sensitive data categories detailed. Hospitality/gaming entities typically hold customer PII and financial records, elevating concern, but lack of proof or data inventory description limits confidence.RansomHub claims to have compromised Kewadin Casinos and exfiltrated data. No specific details on encryption, operational impact, or data categories are provided in the post.
Original description
AI-summarised, not from the leak postThe Sault Tribe of Chippewa Indians owns the Kewadin Casinos. They operate five casinos in Michigan, USA, offering a wide range of gaming options including slot machines, table games, poker, bingo, keno, and more. They also provide amenities like hotels, an RV park, dining venues, and entertainment facilities, making them a complete destination for leisure and entertainment.
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

