A ransomware attack on newspaper giant Lee Enterprises disrupted print and digital operations for over two weeks.
Newspaper publishing giant Lee Enterprises has confirmed that a ransomware attack caused ongoing disruptions across its operations for more than two weeks. The attack, which triggered a system outage on February 3, impacted the distribution of print and digital publications, billing, collections, and vendor payments. In a filing with the U.S. Securities and Exchange Commission (SEC), Lee stated that threat actors accessed its network, encrypted applications, and exfiltrated certain files.
Lee Enterprises operates 77 daily newspapers and 350 weekly and specialty publications across 26 states, reaching over 1.2 million print subscribers and 44 million digital visitors. The attack forced the company to shut down networks, leading to widespread printing and delivery delays.
By February 12, core products resumed normal distribution, but weekly and ancillary publications remained unavailable, affecting 5% of the company’s total revenue. Lee anticipates a phased recovery in the coming weeks and is investigating whether any personally identifiable information (PII) was compromised, though no conclusive evidence has been found.
To mitigate operational disruptions, Lee implemented temporary workarounds, including manual transaction processing and alternative distribution channels. The company first disclosed the breach in a 10-Q quarterly report to the SEC on February 7, four days after the attack was discovered.
The company's SEC filing stated: “Lee has a comprehensive cybersecurity insurance policy covering costs related to incident response, forensic investigations, business interruption, and regulatory fines, subject to policy limits and deductibles. The company will provide updated guidance once the full assessment is complete.”
The attack on Lee Enterprises is more than a business disruption. When a newspaper chain serving millions is forced offline, the damage goes beyond financial losses. It raises serious concerns about the vulnerability of the press. News organizations rely on trust and timeliness, and cybercriminals are proving how easily they can undermine both.
They can halt printing and digital publishing, delay ad placements, disrupt subscription services, and create financial instability due to lost revenue and recovery costs.
News organizations rely on real-time operations and trust, making them attractive to attackers who seek to cause disruption, gain leverage for ransom demands, or manipulate information flow.
Beyond financial losses, repeated attacks can erode public trust, compromise sensitive sources, and weaken the ability of media outlets to deliver timely and reliable news.
Widespread disruptions can limit news coverage, impact advertisers and business partners, and highlight security vulnerabilities that could be exploited by other attackers.
News organizations must treat cybersecurity as a priority, invest in stronger defenses, and develop rapid-response plans to minimize the impact of future attacks.