Article Details

Crims stole 40,000 people's data from our network, admits publisher Lee Enterprises. Did somebody say ransomware? Not the newspaper group, not even to deny it. Regional newspaper publisher Lee Enterprises says data belonging to around 40,000 people was stolen during an attack on its network earlier this year. The Iowa-based company confirmed first and last names, as well as social security numbers, were among the data types potentially accessed, although it does not think any of it has been misused. Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump According to letters being sent to the 39,779 affected individuals, the data concerns "certain employees." It did not mention newspaper subscribers being affected, but according to company workers' unions, Lee Enterprises has cut jobs at various points over the past few years. Axios also reported in 2022 that around 400 jobs were cut, which represented around 10 percent of the company's workforce. Given that the company doesn't appear to employ anywhere close to 40,000 people, The Register asked Lee Enterprises whether customer or former employee data was impacted, but it did not immediately respond. The company said the attack was detected on February 3, but the break-in, where the criminal gained "unauthorized access" to the data, began two days earlier. The letters read: "With the help of a third-party vendor, we undertook a comprehensive review and, on or about May 28, 2025, learned that some of your personal information was contained within the affected data set." It went on to say: "As soon as we discovered this incident, we took the steps described above and implemented measures to enhance security and minimize the risk of a similar incident occurring in the future. "We also notified the Federal Bureau of Investigation and will cooperate with any resulting investigation and provide whatever cooperation may be necessary to hold the perpetrators accountable." CEO Kevin Mowbray issued a statement on February 7 publicly announcing the attack, explaining the reason why various newspaper brands it owns were struggling to produce print and digital journalism for several days. A week later, the SEC filing came, with the company's linguistic gymnastics on full display, working overtime to avoid mentioning ransomware. It described the situation as a "cybersecurity attack," where "threat actors unlawfully accessed the company's network, encrypted critical applications, and exfiltrated certain files." The attack was later claimed by the Qilin group, but the company's data no longer appears on its website. Lee Enterprises also stated in the filing that it expected the attack to have a material impact on its future financials, although it held a robust cyber insurance policy for such situations. The company's brands are back up and running again as usual, however. It owns more than 70 daily newspapers and almost 350 weekly and special-interest publications across 25 states. Different publications felt disruption to varying degrees. Some had to cease production entirely, while others, like the Arizona Daily Star, still hit the newsstands by temporarily reducing the number of sections in each issue.