HQ/EMEAFind out how we can help your business
Lee Enterprises is contacting over 40,000 people whose personal information was exposed in a ransomware incident in February 2025.
Lee Enterprises, one of the major newspaper companies in the United States, publishes 77 daily newspapers and 350 weekly and speciality publications in 26 states.
The company’s publications have a daily circulation of over 1.2 million, and its digital platforms reach millions of users every month.
In a recent petition with the Maine Attorney General’s Office, the firm stated that the attackers engaged in the ransomware incident and downloaded documents containing 39,779 individuals’ personally identifying information.
Breach notification letters provided to persons affected suggest unauthorised access occurred on February 3, 2025, with potentially compromised information comprising first and last names and Social Security numbers.
Following the intrusion, newsrooms across the country experienced system problems, forcing the firm to shut down many networks, resulting in substantial interruptions to printing and delivery operations for numerous newspapers.
According to a news outlet, the failures affected business VPNs’ internal systems and cloud storage access.
About a week after the event, the company filed a complaint with the SEC, indicating that hackers had encrypted critical apps and exfiltrated some files, confirming the ransomware attack.
Qilin Ransomware claims the attack on Lee Enterprises.
While Lee Enterprises has yet to officially attribute the cyberattack to a specific threat actor, the Qilin ransomware gang claimed responsibility in late February.
Qilin claimed it had stolen 120,000 documents worth 350 GB and promised to reveal them on March 5.
On February 28, the organisation added Lee Enterprises to its dark web leak site and released samples of purportedly stolen data, including government-issued ID scans, financial spreadsheets, contracts, non-disclosure agreements, and other sensitive material.
When challenged about the legitimacy of the stolen data, a Lee Enterprises official acknowledged the claims and claimed that an inquiry was being conducted.
This issue is not the first time in recent years that the firm has suffered such an incident. It was previously infiltrated before the 2020 U.S. Iranian hackers entered its network as part of a larger disinformation attempt ahead of the presidential election.
