Lee Enterprises has confirmed that major disruption to operational systems across its newspaper network for two weeks was caused by a ransomware attack. The company, which publishes 77 daily newspapers and 350 weekly and speciality publications across 26 US states, disclosed details of the incident in a regulatory filing with the US Securities and Exchange Commission (SEC).
According to the SEC filing, the attack led to a major systems outage. First discovered on 3 February, preliminary findings indicate that cybercriminals accessed the company’s network without authorisation, encrypted key applications, and exfiltrated certain files. A forensic investigation is ongoing to determine whether sensitive data or personally identifiable information (PII) was compromised, though no definitive evidence of such exposure has been confirmed.
The cyberattack on Lee Enterprises impacted many of its core business functions, including newspaper printing, distribution, billing, collections, and vendor payments. Employees faced difficulties accessing internal systems, while VPN connectivity issues disrupted newsroom operations. Some newspapers reported delays in print editions, and digital services were partially affected. Subscribers were notified about possible disruptions.
Systems breached, files exfiltrated
By 12 February, Lee Enterprises reported that core publications had resumed their normal distribution schedule. However, some weekly and speciality publications, which contribute approximately 5% of the company’s total operating revenue, remained unavailable. The company expects a phased recovery process over the coming weeks.
In response to the breach, Lee Enterprises activated its incident response team, comprising internal staff and external cybersecurity experts. To maintain critical business functions, the company implemented temporary measures that included manual transaction processing and alternative distribution channels. Law enforcement agencies and regulatory authorities have been notified. “In coordination with legal counsel, the Company has notified the relevant law enforcement about the matter, and will notify relevant federal and state regulatory bodies, and applicable consumer protection agencies, as necessary,” stated the company in the SEC filing.
Publications affected by the attack include the St. Louis Post-Dispatch, Omaha World-Herald, Buffalo News, Richmond Times-Dispatch, Arizona Daily Star, and Casper Star-Tribune. Employees across these newsrooms encountered access issues, with some initially unable to build pages or publish content due to network disruptions.
Lee Enterprises first disclosed the attack in its quarterly SEC filing on 7 February, four days after the breach was identified. The company has stated that the financial impact remains uncertain but is likely to be significant. Lee Enterprises holds a cybersecurity insurance policy designed to cover expenses related to forensic investigations, incident response, business interruptions, and regulatory fines, subject to policy limits and deductibles. Investigations into the attack and efforts to restore affected systems are ongoing.
The company has previously been targeted in cyber incidents. Iranian hackers allegedly gained access to the company’s content management system in 2020 as part of a wider disinformation campaign ahead of the US presidential election. The recent ransomware attack has raised more concerns about cybersecurity risks faced by media organisations.
Read more: Change Healthcare ransomware attack exposes data of 190 million people
