American media company Lee Enterprises has shared an update on the recent cyberattack that caused disruptions at dozens of local newspapers, revealing that it was targeted in a ransomware attack.
Lee owns 350 weekly and specialty publications across 25 states. At least 75 newspapers were affected by the cyberattack, according to the Press Freedom Tracker.
When it first informed the SEC about the cyberattack, Lee said it had suffered a technology outage on February 3 due to a “cyber incident”. Many of its publications experienced operational disruptions, including related to printed newspapers, subscription accounts and internal services.
In an update shared with the SEC on Tuesday, Lee did not specifically say that it was targeted in a ransomware attack, but it did say that — based on its investigation so far — threat actors accessed its network, encrypted critical applications and exfiltrated certain files, which matches the description of a typical ransomware attack.
Lee is conducting a forensic analysis in an effort to determine whether personal information or other sensitive data was compromised as a result of the hacker attack.
“The incident impacted the Company’s operations, including distribution of products, billing, collections, and vendor payments. Distribution of print publications across our portfolio of products experienced delays, and online operations were partially limited,” Lee told the SEC.
It added, “As of February 12, 2025, all core products are being distributed in the normal cadence, however weekly and ancillary products have not been restored. These products represent five-percent of the Company’s total operating revenue. The Company anticipates a phased recovery over the next several weeks.”
The media giant expects the incident to have a material impact, but the full scope of the financial impact has yet to be determined.
SecurityWeek has not seen any known ransomware group taking credit for the attack.
It’s unclear if Lee has paid a ransom or is considering the option, but the company pointed out that it does maintain a “comprehensive cybersecurity insurance policy, which covers costs associated with incident response, forensic investigations, business interruption, and regulatory fines, subject to policy limits and deductibles”.
Related: Media Giant News Corp Discloses New Details of Data Breach
Related: New York Times Responds to Source Code Leak
Related: Philadelphia Inquirer Hit by Cyberattack Causing Newspaper’s Largest Disruption in Decades
