Lee Enterprises, the prominent newspaper publishing company, has confirmed that a ransomware attack in February 2025 not only disrupted its operations but also led to the theft of personal data belonging to their employees. The attack impacted several media outlets across the U.S., causing delays in the production and distribution of both print and online content. A total of 39,779 individuals were affected by this data breach, including 13 residents of Maine.
Details of the Breach
On February 3, 2025, Lee Enterprises became the victim of a ransomware attack attributed to the Qilin ransomware group, a prolific cybercriminal gang known for carrying out destructive attacks. Upon discovering the breach, Lee Enterprises promptly initiated an investigation and engaged cybersecurity specialists to assess and contain the incident. The investigation revealed that certain files containing personal information were accessed without authorization on February 1, 2025.
While there is no evidence of misuse or attempted misuse of the compromised information, Lee Enterprises has taken steps to enhance security and minimize the risk of future incidents. The company has notified affected individuals and is offering identity theft protection services through IDX, which include credit monitoring, CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services. Individuals are encouraged to enroll in these services by September 3, 2025.
Impact on Operations
The breach led to delays in product distribution, billing, collections, and vendor payments. Print publication distribution was disrupted, and online operations were partially impaired. By February 12, 2025, Lee had restored all core product distributions, but weekly and ancillary publications, which constitute approximately five percent of the company’s total operating revenue, remain impacted. A phased recovery for these products is expected over the next several weeks.
What Was Compromised?
The breach exposed personal information, including Social Security numbers and financial details of employees. Although there is no evidence of misuse or attempted misuse of the compromised data, Lee Enterprises is advising affected individuals to take immediate protective measures.
Steps to Take If You Were Affected
If you have received a data breach notification from Lee Enterprises, your information may have been compromised. We recommend the following actions to protect your personal information:
-
Monitor your financial accounts: Regularly check bank statements, credit card transactions, and credit reports for unauthorized activity.
-
Update your passwords: Change passwords for accounts that may have been impacted by the breach.
-
Stay alert for phishing scams: Be cautious of emails, texts, or phone calls requesting personal information.
-
Enroll in identity theft protection: Take advantage of the free identity theft protection services provided through IDX by September 3, 2025.
-
Consider freezing your credit: Place a credit freeze with the three major credit bureaus to prevent new accounts from being opened in your name
Class Action Lawsuits and Compensation for Victims
Class Action U, in partnership with KO Lawyers, is assisting individuals affected by the Lee Enterprises data breach. Victims may be eligible to join a class action lawsuit seeking compensation for various damages, including loss of privacy, emotional distress, time spent addressing the breach, and any out-of-pocket expenses.
A successful class action lawsuit could compel Lee Enterprises to strengthen its cybersecurity measures to prevent future incidents. Reach out to Class Action U today to find out if you qualify for a data breach class action and learn more about the compensation you may be entitled to.
