Lee Enterprises has officially confirmed that the cyberattack disrupting its newspaper operations since early February was a ransomware incident.
In an 8-K filing submitted to the U.S. Securities and Exchange Commission (SEC), the publishing company acknowledged that attackers encrypted critical applications and exfiltrated certain files, though it remains unclear whether sensitive data was compromised.
The cyberattack, first detected on February 3, 2025, led to widespread disruptions across Lee Enterprises' print and digital operations, impacting newspaper production, subscriber services, and financial transactions. Upon discovery, the company activated its incident response team, bringing in external cybersecurity experts to assist in the investigation and mitigation efforts.
The threat actors behind the attack gained unauthorized access to Lee's internal systems, encrypted key applications, and extracted certain files before deploying the ransomware payload. Lee is still conducting forensic analysis, and it has not yet confirmed whether personally identifiable information (PII) or other sensitive data was stolen.
In response to the situation, Lee Enterprises notified law enforcement agencies and relevant regulatory bodies. The company also implemented temporary workarounds, such as manual processing of transactions and alternative distribution channels, to keep its core operations running.
Operational and financial impact
Lee Enterprises, headquartered in Davenport, Iowa, is one of the largest newspaper publishers in the U.S., operating 72 newspapers across 24 states, including the St. Louis Post-Dispatch, The North Platte Telegraph, and The Casper Star-Tribune. The attack significantly disrupted its ability to produce and distribute print editions, forcing many newspapers to delay deliveries or publish reduced versions.
While Lee stated that core publications are now operating on a normal schedule, some weekly and ancillary products remain affected, accounting for about 5% of the company’s total revenue. The company expects a phased recovery over the coming weeks.
Financially, Lee Enterprises acknowledged that the cyberattack is “reasonably likely to have a material impact” on its operations, though the full extent of the damage is still being assessed. The company confirmed that it holds cybersecurity insurance, which may help offset costs related to incident response, forensic investigations, business disruptions, and regulatory penalties.
This is the second known cyberattack targeting Lee Enterprises in recent years. In 2021, the company fell victim to an Iranian-linked hacking campaign that compromised its content management system to spread election-related disinformation.
The disclosure of ransomware involvement underscores the growing threat of cyberattacks targeting media organizations. Newspaper publishers, in particular, have become attractive targets due to their reliance on legacy systems, critical publishing deadlines, and broad subscriber bases.
Lee Enterprises has pledged to provide further updates as its investigation progresses.
OpenSSH Vulnerabilities Exposed Millions to Multi-Year Risks
Leave a Reply