Nearly four months after a ransomware attack paralyzed Lee Enterprises’ nationwide newspaper operations, the company has confirmed the breach also compromised sensitive personal data of 39,779 individuals.
According to a filing with the Maine Attorney General’s Office, the attackers gained unauthorized access to Lee's systems as early as February 1, 2025, exfiltrating personal data during the initial phase of the ransomware operation. The compromised information includes full names and Social Security numbers, valuable data for identity theft and fraud.
Written notices were sent to affected individuals, who are offered 12 months of free identity protection and credit monitoring through IDX.
Based in Davenport, Iowa, Lee Enterprises is one of the largest newspaper publishers in the U.S., with a presence in 24 states. Its extensive media footprint made it an attractive target for ransomware operators, especially given its reliance on legacy infrastructure and the time-sensitive nature of newspaper production.
The breach stems from a ransomware attack initially detected on February 3, 2025, which forced Lee Enterprises to shut down key systems and disrupted operations across its network of 72 newspapers. Publications such as the St. Louis Post-Dispatch, North Platte Telegraph, and Casper Star-Tribune reported significant delays in print and digital services, as well as degraded access to subscriber platforms, VPN systems, and employee login infrastructure. In SEC filings and public statements, Lee confirmed attackers had encrypted core applications and exfiltrated files during the intrusion.
The Qilin ransomware gang later claimed responsibility for the attack, listing Lee Enterprises on its dark web extortion site and threatening to leak 350GB of stolen data unless a ransom was paid. Qilin, a Russian-speaking group operating under a Ransomware-as-a-Service model, has been linked to high-profile incidents across healthcare, automotive, and media sectors. The group has reportedly incorporated Rust-based encryption and has alleged ties to the Scattered Spider hacking collective.
While Lee initially declined to confirm whether personally identifiable information (PII) had been stolen, the recent disclosure makes clear that sensitive employee data was indeed compromised. The company maintains that there is currently no evidence of misuse, but the data accessed presents substantial risk for identity theft and secondary exploitation.
Lee Enterprises has enlisted cybersecurity experts to bolster defenses and coordinate with federal authorities, including the FBI. The company says it is rolling out additional security training for employees and implementing enhanced network monitoring protocols to prevent future breaches.
Leave a Reply