Ransomware victim disclosure
← All victimsjackpotjunction.com
Claimed by RansomHub · listed 1 year ago
Status timeline
- ListedMar 31, 2025
- Data leakeddate unknown
At a glance
- Group
- RansomHub
- Status
- Data leaked
- Country
- United States
- Sector
- Hospitality and Tourism
- Listed on leak site
- Mar 31, 2025
About the victim
AI dossier — public-source company profileJackpot Junction Casino Hotel is a Minnesota-based casino hotel owned and managed by the Lower Sioux Indian Community, located in Morton. It operates over 440,000 square feet of gaming space with slot machines, table games, a 378-room hotel, restaurants, convention center, golf course, and live entertainment.
- Industry
- Gaming & Hospitality — Casino Hotel
- Address
- Morton, Minnesota, United States
Attack summary
Severity: medium — Data has been published by the ransomware group (disclosed_status: data_published), indicating confirmed exfiltration. However, the leak post excerpt does not specify data types, volume, or sensitive categories (e.g., PII at scale, payment cards, medical), nor does it detail operational disruption. Without granular evidence of regulated data compromise, this rates as medium rather than high or critical.RansomHub claims to have conducted an attack on Jackpot Junction Casino Hotel. The group has published data but the specific nature of exfiltration (data types, scope) and operational impact are not detailed in the leak post excerpt provided.
Data the group says was taken
AI dossier — extracted from the leak post- customer records
- employee information
- financial data
Original description
AI-summarised, not from the leak postJackpot Junction is a Minnesota-based casino hotel owned and managed by the Lower Sioux Indian Community. With 440,000 square feet of gaming space, it offers a variety of games such as slot machines, blackjack, poker, bingo, etc. It also features a hotel with 378 rooms, restaurants, convention center, live shows, golf course, and other amenities.
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

