August 27, 2025.
In February 2025 the Sault Tribe and the Kewadin Casino were a victim of a cyber-attack.
A recently filed class action lawsuit claims “On Sunday morning [February 9, 2025], the Sault Tribe and the Kewadian Casino suffered a ransomware attack. This attack impacted multiple computer and phone systems across tribal administration, including the casinos, health centers and various businesses." "RansomHub, a global hacker group, has claimed responsibility via a on-line post.
When Tribal Members called the tribe regarding their data being compromised they were told they would receive a credit protection service subscription but honestly in our view the tribe can only afford a limited amount of services, and the ship has already sailed. Most likely all your personal data is currently for sale on the dark web and will always be available going forward. In our view the best and most affordable way to protect yourself is to keep your credit frozen at all times, thawing it only long enough as needed to apply for credit along with monitoring your credit reports monthly.
To add injury to insult before the tribe had time to arrange for credit protection services for anyone including employees a Class Action Lawsuit was filed; Denis Berube Jr., individually and on behalf of all others similarly situated, Plaintiff, v. The Original Band of Sault Ste. Marie Chippewa Indians and Their Heirs d/b/a Kewadin Casinos, filed April 10, 2025.
The attorneys that filed the Class Action claim the Kewadin Casinos for its failure to properly secure and safeguard the information that it collected and maintained as part of its regular business practices, including Plaintiff's and Class Members' personally identifiable information ("PII").
Their legal argument is that “They filed because current and former Kewadin Casinos employees are required to provide the Gaming Commission with sensitive, non-public PII, to get a Tribal Gaming License as required by Federal Law in order to obtain employment or certain employment benefits provided by the tribe. They claim Kewadin Human Resources retains this information for many years and even after the employee-employer relationship has ended.
By obtaining, collecting, using, and deriving a benefit from the PII of Plaintiff and Class Members, the tribe assumed legal and equitable duties to those individuals to protect and safeguard that information from unauthorized access and intrusion.
“They claim the Casino failed to adequately protect the Plaintiff's and Class Members by not encrypting the files that contained highly sensitive information. This unencrypted, unredacted PII was compromised due to Defendant's negligent and/or careless acts and omissions and its utter failure to protect employees' sensitive data. Hackers targeted and obtained Plaintiffs and Class Members' PII because of its value in exploiting and stealing the identities of Plaintiff and Class Members. The present and continuing risk of identity theft and fraud to victims of the Data Breach will remain for their respective lifetimes.”
The tribe filed to have this case dismissed arguing they have Sovereign Immunity.
The Judge assigned to this case is Judge Robert J. Jonker, who is currently reviewing motions from both sides.
The best thing to come out of this is that the tribe is making the needed changes to protect our data from future cyber-attacks. Hopefully other tribes are being pro-active as a result of seeing other tribes’ ransomware attacks.
Bottom Line(s): Freeze everyone in your families’ credit (including babies) to protect yourselves from this and future cyber-attacks. The lawyers are correct when they assert the stolen personal data most likely will always be out there going forward for criminals to purchase. Reminder the folks that requested the ransom from the tribe did insist they wished no harm to members. I have no reason not to believe them, but I always keep my credit frozen so.....its up to you.
In our view this is all about lawyers wanting to take advantage of a bad situation for their own profit.


