Publishing giant Lee Enterprises is notifying over 39,000 people whose personal information was stolen in a February 2025 ransomware attack.
As one of the largest newspaper groups in the United States, Lee Enterprises publishes 77 daily newspapers and 350 weekly and specialty publications across 26 states. The local news provider’s newspapers have a daily circulation of over 1.2 million, and a digital audience reaching tens of millions each month.
In a filing with the Office of Maine’s Attorney General this week, the company revealed that attackers behind a ransomware attack in February stole documents containing personally identifiable information of 39,779 individuals.
“The investigation determined that information may have been accessed or acquired without authorization on February 3, 2025,” Lee Enterprises revealed in data breach notifications sent to affected individuals.
“The information that could have been subject to unauthorized access and/or acquisition includes first and last name, as well as Social Security number.”
After the incident, Lee Enterprises newsrooms across the United States reported that the attack triggered a systems outage, forcing the publisher to shut down many of its networks and leading to widespread printing and delivery disruptions for dozens of newspapers.
BleepingComputer also learned that the outage had caused significant issues, including corporate VPNs being down and loss of access to internal systems and cloud storage.
A week later, the company submitted a filing with the SEC disclosing that the hackers “encrypted critical applications and exfiltrated certain files,” revealing that it had been hit by ransomware.
Breach claimed by Qilin ransomware
While the company has yet to attribute the attack to a specific operation, the Qilin ransomware gang claimed responsibility in late February.
The ransomware gang claimed to have stolen 120,000 documents totaling 350 GB in size and threatened to release them all on March 5.
Qilin added Lee Enterprises to its dark web leak site on February 28, sharing samples of data allegedly stolen from the company’s compromised systems, including government ID scans, financial spreadsheets, contracts/agreements, non-disclosure agreements, and other confidential files.

When BleepingComputer contacted Lee Enterprises to confirm that the stolen data was legitimate, a spokesperson said the company was “aware of the claims” and was “currently investigating them.”
Lee Enterprises’ network was also breached before the 2020 U.S. presidential election when Iranian hackers gained access to its systems as part of a broader campaign to spread disinformation.