Cyber Incident Victim: Sault Ste. Marie Tribe of Chippewa Indians
Date:
Feb 2025
Location:
United States of America
Summary
The Sault Ste. Marie Tribe of Chippewa Indians suffered a cyberattack causing widespread operational disruptions, including shutdowns of tribal government services, healthcare facilities, casinos, gas stations, and hotels, along with phone outages and canceled events. The tribe refused ransom demands, citing distrust in the attackers, and worked with cybersecurity experts and law enforcement to restore most operations, though healthcare services faced prolonged recovery. A forensic audit is underway to determine the scope of compromised data, involving manual review of extensive documents, while affected individuals were advised to secure personal information proactively.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 9, 2025, the Sault Ste. Marie Tribe of Chippewa Indians detected a cyberattack that disrupted tribal government operations, healthcare services, and commercial enterprises. The incident forced immediate shutdowns of gas stations, casinos, hotels, and tribal administrative functions, while phone systems became inoperable and scheduled events were canceled. Healthcare services faced significant restructuring, with pharmacies and medical divisions requiring alternative operational protocols. Tribal Chairman Austin Lowes acknowledged the severity of the disruption in late February 2025, confirming the attack’s discovery date and initiating IT system enhancements alongside expanded cybersecurity training for personnel. By March 5, 2025, the tribe publicly refused ransom demands through a recorded video statement from Chairman Lowes, who cited consultations with cybersecurity experts, legal advisors, and law enforcement in justifying the decision. Lowes emphasized distrust in the attackers’ integrity, stating payment offered no guarantee against data leaks despite the criminals’ extortion attempts.
By mid-March 2025, most tribal operations had resumed, though healthcare systems remained partially disrupted, evidenced by ongoing social media communications directing members to service-specific contact numbers. A forensic audit to identify compromised data was underway, requiring manual examination of hundreds of thousands of documents by the tribe’s IT team. The tribe committed to notifying affected individuals upon confirmation of data exposure but urged members and employees to proactively secure personal information through credit monitoring, password changes, and fraud alerts. The FBI’s investigation remained active, though no additional details regarding attack vectors or perpetrator identification were disclosed. Operational restoration prioritized critical services, with lingering challenges in healthcare documentation and communication systems reflecting the attack’s persistent logistical impacts.