What happened to Lee Enterprises?

Lee Enterprises, one of the largest newspaper publishing groups in the United States, experienced a ransomware attack that began on February 3, 2025, resulting in significant operational disruptions.

What systems were affected by the attack?

The attack affected critical applications, product distribution, billing systems, collections, vendor payment processes, VPN access, and file systems used by reporters and editors. Both print and online operations experienced disruptions.

What was the duration of the disruption?

Core products resumed normal distribution by February 12, 2025, though weekly and ancillary products remain affected. The initial attack began on February 3, 2025.

Was any sensitive data exposed in the attack?

The company is currently investigating potential exposure of sensitive data and personally identifiable information (PII). While files were exfiltrated, no conclusive evidence of data exposure has been reported.

What is known about the financial impact of the incident?

The financial impact of the incident has not yet been disclosed by Lee Enterprises.

Incident

Lee Enterprises hit by ransomware, causes operational disruptions

Q: How did the company respond to the attack?

Lee Enterprises implemented temporary measures to maintain critical business functions, including manual transaction processing and alternative distribution channels.

published: Feb. 18, 2025

Learn More

Lee Enterprises, one of the largest newspaper publishing groups in the United States, is reporting significant operational disruptions due to a ransomware attack that began on February 3, 2025.

Threat actors have successfully infiltrated the network, encrypting critical applications and exfiltrating certain files. The attack severely impacted product distribution, billing systems, collections, and vendor payment processes.

The incident caused delays in print publication distribution, partial limitations of online operations, VPN access issues preventing reporters and editors from accessing their files and widespread printing and delivery disruptions across dozens of newspapers

Core products resumed normal distribution by February 12, 2025. The company has indicated that weekly and ancillary products remain affected. Lee Enterprises has implemented temporary measures to maintain critical business functions, including manual transaction processing and alternative distribution channels.

The incident's financial impact and number of affected individuals are not yet disclosed.

The company is currently investigating potential exposure of sensitive data and personally identifiable information (PII). No conclusive evidence of data exposure has been reported.

Update - as of February 27, 2025, the Qilin ransomware group claimed responsibility for the attack on their Tor leak site. The group alleged they had stolen approximately 350GB of data, including:

Financial records
Journalist payment information
Insider news tactics
Corporate documents

Qilin published sample data including ID scans, corporate documents, and spreadsheets. The group has threatened to release all stolen data on March 5, 2025, if their demands are not met.

As of 4th of June 2025, Lee Enterprises reports that the information of 39,799 people, including subscribers, advertisers and employees, may have been affected. The company will provide one year of free identity theft protection and credit monitoring services to the affected individuals.

Lee Enterprises hit by ransomware, causes operational disruptions

Read More
Horizon Behavioral Health hit by ransomware attack, client …
KillSec ransomware gang claims attack on Clubfit Software …
Drug testing firm DISA Global Solutions reports data …
Mackay Memorial Hospital in Taiwan reports data breach …
Hackers claim attack on South Africa credit agencies, …