2025-02-14 LEE ENTERPRISES, Inc Cybersecurity Incident

Page last updated on February 18, 2025

LEE ENTERPRISES, Inc initially disclosed a cybersecurity incident in an SEC 8-K filing on 2025-02-14 18:18:25 EST.

Company Summary

Lee Enterprises is a provider of local news, information and advertising.

Incident Details

Material: Unknown
Is Breach: Unknown
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)

Compromised Date: 2025-02-03
Detected Date:
Disclosure Date: 2025-02-14
Contained Date:
Recovered Date:

Attack Goal: Unknown

Costs: No Costs Tracked (yet)

Filings

8-K filed on 2025-02-14

LEE ENTERPRISES, Inc filed an 8-K at 2025-02-14 18:18:25 EST
Accession Number: 0001628280-25-005855

Item 1.05 Material Cybersecurity Incidents.

On February 3, 2025, Lee Enterprises, Inc. (“Lee” or the “Company”) experienced a systems outage caused by a cybersecurity attack. Upon discovery, Lee activated its incident response team, comprised of internal personnel and external cybersecurity experts retained to assist in addressing the incident.

Preliminary investigations indicate that threat actors unlawfully accessed the Company’s network, encrypted critical applications, and exfiltrated certain files. The Company is actively conducting forensic analysis to determine whether sensitive data or personally identifiable information (PII) was compromised. At this time, no conclusive evidence has been identified, but the investigation remains ongoing.

In coordination with legal counsel, the Company has notified the relevant law enforcement about the matter, and will notify relevant federal and state regulatory bodies, and applicable consumer protection agencies, as necessary.

The incident impacted the Company’s operations, including distribution of products, billing, collections, and vendor payments. Distribution of print publications across our portfolio of products experienced delays, and online operations were partially limited. As of February 12, 2025, all core products are being distributed in the normal cadence, however weekly and ancillary products have not been restored. These products represent five-percent of the Company’s total operating revenue. The Company anticipates a phased recovery over the next several weeks.

Lee has implemented temporary measures, including manual processing of transactions and alternative distribution channels, to maintain critical business functions while systems are being restored.

While the full scope of the financial impact is not yet known, the incident is reasonably likely to have a material impact on the Company’s financial condition or results of operations. The Company is continuing its forensic investigation and analysis to assess the potential impact.

Lee maintains a comprehensive cybersecurity insurance policy, which covers costs associated with incident response, forensic investigations, business interruption, and regulatory fines, subject to policy limits and deductibles.

The Company will provide updated guidance once a full assessment is completed.

Company Information