News outlets managed by Lee Enterprises undergoing investigation following a cyberattack causing operational disruptions.
Lee Enterprises, a prominent U.S. newspaper chain serving 72 markets in 25 states, is currently investigating a cybersecurity incident that has disrupted its operations. The incident has impacted many of the publications served by Lee Enterprises, including The St. Louis Post-Dispatch, Omaha World-Herald, and Buffalo News, which are currently undergoing maintenance.
The exact cause of the incident, which occurred on February 3, has not been disclosed by the company, citing potential compromise of the internal investigation or the investigation by law enforcement. Lee Enterprises has declined to comment on specifics regarding the incident.
The company is focusing on determining what information, if any, was affected by the incident. Spokesperson Tracy Rouch stated, "We are focused on determining what information, if any, was affected by the incident."
In December, Lee Enterprises selected Amazon Web Services (AWS) as its preferred cloud provider. The company's digital transformation plans, which include significant advances in AI-driven personalization for readers and AI business technology for advertisers, as mentioned by Les Ottolenghi, chief transformation and commercial officer, may have been impacted by the incident.
The incident has caused outages and delays in printing media, which accounts for half of Lee Enterprises' revenue. These disruptions have affected the distribution of print publications across the company's portfolio of products. The company has also experienced significant operational challenges as a result of the attack, impacting its ability to deliver print media on time.
The incident involved a ransomware attack, exposing the personal information of nearly 40,000 people, including Social Security numbers. This breach highlights vulnerabilities in Lee Enterprises' data protection measures. The company has taken steps to notify affected individuals and has incurred material expenses related to incident response and potential notification requirements.
While the company has insurance coverage, the extent to which the insurance will cover the expenses and the long-term financial implications remain to be fully assessed. The incident has led to a short-term liquidity issue, resulting in a 3-month delay in interest payments to their lender.
The investigation is complex and time-consuming, with many taking several weeks or longer to complete. No updates have been given about any material impact on the company's financial condition, operations, or internal controls since the investigation began. The company is working with third-party support to prevent future cybersecurity incidents.
As of Friday, the company had not yet determined any material impact, but an assessment was ongoing. The company is working diligently to restore its systems and services, though no details have been provided about the specific steps being taken to restore affected websites.
[1] Source: Lee Enterprises 2025 Q1 Earnings Call Transcript [2] Source: Privacy Rights Clearinghouse [3] Source: KrebsOnSecurity
- The cybersecurity incident at Lee Enterprises, which occurred on February 3, has raised concerns about the privacy of individuals, as it exposed personal information of nearly 40,000 people, including Social Security numbers.
- As Lee Enterprises focuses on determining what information was affected by the cybersecurity incident, they may also need to address the potential impact on their financial affairs, considering the short-term liquidity issue and the uncertainty surrounding the extent to which their insurance will cover expenses related to the incident.
- In the wake of the cybersecurity incident, Lee Enterprises is collaborating with third-party support to enhance their cybersecurity measures, aimed at preventing future attacks and ensuring the integrity of their technology infrastructure, particularly given their reliance on technology for services and operations.
