Cyberattack on Lee Enterprises Strikes at the Heart of Democracy


A major American media and news group, Lee Enterprises, is still working to resolve disruptions after a cyberattack brought down its newspaper and website empire.

Lee Enterprises owns Amplified, Tucson.com, Richmond Times Dispatch, Omaha World-Herald, The Buffalo News, St. Louis Dispatch, and many other news brands.

The company said the cyberattack affected its physical newspaper print and distribution operations and online sites.

The scope of the incident is significant, with Lee Enterprises claiming to reach more than 75% of American adults in their largest markets and 25 million unique web and mobile visitors monthly. It is unknown if user or subscriber data has been compromised.

Let’s dive into this security incident to understand its impact and analyze what we know.

Key Takeaways

  • A cyberattack disrupted Lee Enterprises’ newspaper printing and online operations.
  • The attack impacted employee systems, subscriber services, and VPN access, with print operations disrupted.
  • Lee has not confirmed whether customer data was compromised.
  • The incident is under investigation, with the FBI likely involved.
  • Lee reaches more than 25 million readers every month.

What Happened to Lee Enterprises?

On February 3, Lee Enterprises was hit by a cyberattack that disrupted the printing of its newspapers across the U.S. and the availability of its websites. The company told the press that the security incident has affected normal daily news operations.

Lee Enterprises has notified law enforcement, and we expect that the FBI is involved.

Buffalo News still showed disruption warnings on February 11. The website is one of many impacted by the attack. Source: Screenshot/Techopedia

At the time, Lee Enterprises refused to disclose any details regarding what type of cyberattack they experienced.

It is unknown if the newsgroup is being extorted by a ransomware gang or whether the threat actors are nation-state disruptors or cybercriminals looking to steal employees’ and readers’ personal data.

In a communication, the company said:

“We are now focused on determining what information — if any — may have been affected by the situation.”

It may be weeks or even months before we get any concrete evidence of what exactly happened. As a public company trading on the Nasdaq stock exchange under the symbol LEE, Lee is legally obliged to disclose incidents and keep stakeholders informed.

Lee’s latest quarterly earnings report, issued recently, reported $144.6 million in gains for the fiscal first quarter of 2025. The report does not mention the cyber incident.

However, the company does mention the incident in a document filed with the Securities and Exchange Commission (SEC).

The SEC document, filed on February 7, reads:

“The Company is actively investigating the incident, implementing recovery measures, and assessing the potential impact on its operations, financial condition, and internal controls.

“As of the date of this filing, the Company has not identified any impact that is material; however, the evaluation remains ongoing.”

Connecting the Digital Dots of Lee Enterprises Cyberattack

Given the scope of the incident and the fact that several of Lee’s newspapers were still having problems by February 11, eight days after the incident started, it is clear that this is a rather sophisticated hack.

This means it is doubtful that the incident is the work of a lone operator or hacktivist.

The attackers likely targeted one of thousands of Lee workers through phishing or gained access to centralized platforms via a vulnerability.

From there, they may have escalated the attack laterally, compromising different brands of newspapers and the company’s online media.

This cyberattack may or may not be ransomware. However, even if it is a ransomware attack, the incident carries a strong national security factor. Local newspapers like those managed by Lee play a vital civic role.

Another victim of the attack: Local newspaper La Crosse Tribune, serving Wisconsin. Source: Screenshot / Techopedia

Media and newspapers are very popular targets in the ransomware industry. Attacks on media are usually linked to more sophisticated threats.

A major newspaper provider would definitely not be the first target that comes to mind when thinking about critical infrastructure.

However, given that Lee Enterprises provides news to a considerable number of Americans, the gang behind this incident is most likely experienced in critical infrastructure cyberattacks and could even be supported by a nation-state.

The Star-Tribune — one of the news outlets affected — said:

“Many of Lee newspapers initially were not able to build pages and publish, though the company has been working to print and deliver back issues.”

Specific System Elements Impacted in Lee Security Incident

Different media outlets managed to gather comments from sources and Lee spokespersons. These bits and pieces of information provide clues as to what the attackers were after and how skilled they were. So let’s dive into what we know was affected.

Thanks to warning banners on several of Lee’s online newspapers, we know that access to subscription accounts, E-editions, and other customer services was impacted.

TechCrunch reported that one of Lee’s data centers, which hosts applications and services used by Lee employees and media outlets, was offline — including systems for subscriber services.

It added that call center applications, some phone lines, and “other core systems, including its VPN for remote employees and single sign-on for accessing applications, were inaccessible.”

These impacts reveal that the threat actors’ technical level is advanced.

Finally, it’s worth noting that Lee Enterprises was hacked five years ago in 2020.

Iranian hackers breached Lee Enterprises before and after the 2020 U.S. presidential election. The attack was categorized as espionage-disruption, targeting civil society.

Tensions between the U.S. and Iran have been heating up in the past two weeks as negotiations on Iran’s nuclear program emerge on the geopolitical table.

The Bottom Line

Aggressive cyberattacks or security incidents that can shut down newspaper printing and news sites across a country by targeting big media groups are not common.

This security incident has too many curious, out-of-the-ordinary traits to ignore. Hopefully, investigations will reveal more details and inform the public.

While a newspaper might not traditionally be considered critical infrastructure, there is a strong argument that it should be.

All cyberattacks are serious, but disrupting a country’s key media outlet strikes right at the heart of democracy.


Ray Fernandez
Senior Technology Journalist

Ray is an independent journalist with 15 years of experience, focusing on the intersection of technology with various aspects of life and society. He joined Techopedia in 2023 after publishing in numerous media, including Microsoft, TechRepublic, Moonlock, Hackermoon, VentureBeat, Entrepreneur, and ServerWatch. He holds a degree in Journalism from Oxford Distance Learning and two specializations from FUNIBER in Environmental Science and Oceanography. When Ray is not working, you can find him making music, playing sports, and traveling with his wife and three kids.