Newspaper publishing giant Lee Enterprises has confirmed that a ransomware attack is behind ongoing disruptions impacting the group’s operations for over two weeks.
As a local news provider and one of the largest newspaper groups in the United States, Lee publishes 77 daily newspapers and 350 weekly and specialty publications across 26 states. Its newspapers have a daily circulation of over 1.2 million, and digital editions reach more than 44 million unique visitors.
In a Friday filing with the U.S. Securities and Exchange Commission (SEC), the media giant said the attack triggered a systems outage on February 3. “Preliminary investigations indicate that threat actors unlawfully accessed the Company’s network, encrypted critical applications, and exfiltrated certain files,” Lee said.
“The incident impacted the Company’s operations, including distribution of products, billing, collections, and vendor payments. Distribution of print publications across our portfolio of products experienced delays, and online operations were partially limited.
“As of February 12, 2025, all core products are being distributed in the normal cadence, however weekly and ancillary products have not been restored. These products represent five-percent of the Company’s total operating revenue. The Company anticipates a phased recovery over the next several weeks.”
Lee is now investigating if the sensitive data or personally identifiable information (PII) was also exposed during the breach, but no conclusive evidence has been found.
In response to the ongoing outage, Lee has also implemented temporary measures, such as manual transaction processing and alternative distribution channels, to maintain critical business functions while encrypted systems are restored.
The company first disclosed the breach in a 10-Q quarterly report filed with the SEC on February 7, four days after the ransomware attack was discovered.
Lee newsrooms across the United States have reported that the cyberattack forced the newspaper publisher to shut down many of its networks, leading to widespread printing and delivery disruptions for dozens of newspapers.
BleepingComputer also learned that the resulting outage caused chaos across the newspaper group, with reporters and editors unable to access their files because VPNs used to connect securely to the network stopped working.
Five years ago, before the 2020 U.S. presidential election, the newspaper group was hit by another cyberattack when Iranian hackers breached its network as part of a broader campaign to spread disinformation.