Lee Enterprises data breach exposes personal information of nearly 40,000 individuals

Publishing giant Lee Enterprises has disclosed a significant data breach stemming from a ransomware attack earlier this year, which compromised the personal information of nearly 40,000 individuals. The breach, which occurred in February 2025, has been formally reported to regulatory authorities, including the Office of the Maine Attorney General.

Lee Enterprises, one of the largest newspaper publishers in the United States, operates 77 daily newspapers and over 350 weekly and specialty publications across 26 states. The company reaches a daily print circulation of more than 1.2 million readers and boasts a digital audience numbering in the tens of millions each month.

In a notification to affected individuals, the company stated that its investigation determined unauthorized access or acquisition of data took place on February 3, 2025. The stolen information includes first and last names in combination with Social Security numbers, classifying it as highly sensitive personal data under data protection laws.

The ransomware attack triggered a widespread systems outage across Lee Enterprises’ operations. Newsrooms and printing facilities nationwide reported disruptions, with some publications experiencing delays in printing and delivery. According to cybersecurity reporting outlet BleepingComputer, the incident also took down corporate virtual private networks (VPNs), limited access to cloud storage, and disabled critical internal systems.

Lee Enterprises filed a disclosure with the U.S. Securities and Exchange Commission (SEC) one week after the breach, confirming that hackers had encrypted essential applications and exfiltrated data. While the company has not publicly attributed the attack to a specific group, the Qilin ransomware gang claimed responsibility in late February.

The cybercriminal group alleged it had stolen approximately 120,000 documents, amounting to 350 gigabytes of data, and posted Lee Enterprises on its dark web leak site on February 28. The hackers shared samples of the stolen files, which purportedly included government identification scans, financial documents, legal agreements, and other confidential business records. They threatened to release the full dataset on March 5.

When contacted by the media, a spokesperson for Lee Enterprises acknowledged the claims made by the attackers and confirmed that the company was actively investigating the authenticity and scope of the stolen data.

This is not the first time Lee Enterprises has been the target of a cyberattack. In the lead-up to the 2020 U.S. presidential election, Iranian state-sponsored actors reportedly breached the company’s systems as part of a broader effort to disseminate disinformation.