In a stunning blow to one of America’s largest newspaper publishers, Lee Enterprises has fallen victim to a significant cyberattack, paralyzing newsrooms across 24 to 25 states. The attack, identified on February 5, 2025, has caused widespread disruption to both print and digital publications, affecting dozens of newspapers and media outlets across the United States.
Lee Enterprises, which owns over 75 media platforms and 13 digital publications, confirmed the attack in an email to customers. CEO Kevin Mowbray stated that the company is working to “fully restore our systems” and determine if any information was compromised during the incident.
The Impact on News Operations
The cyberattack has significantly disrupted the operations of Lee Enterprises’ newspapers. Many publications were initially unable to build pages and publish, leading to missed or delayed print and digital editions. Some newspapers, like the St. Louis Post-Dispatch and Omaha World-Herald, managed to maintain daily publication but with affected print editions, resulting in smaller or delayed issues.
Other newspapers, such as the Daily Progress in Virginia, were unable to produce print or e-editions for several days. The company has been working to print and deliver back issues to gradually restore operations. Subscribers have also faced temporary access issues to their online accounts and e-editions due to the outage.
The Extent of the Damage
The full extent of the damage caused by the cyberattack is still being assessed. Tracy Rouch, a spokesperson for Lee Enterprises, confirmed that the outages were caused by a “cybersecurity event” and that the company is now focused on determining what information, if any, may have been affected by the situation.
The attack has impacted various systems critical to the company’s operations, including:
- Data centers hosting applications and services
- Subscriber services systems
- Call center applications
- Some phone lines
- VPN for remote employees
- Single sign-on for accessing applications
A History of Vulnerability
This is not the first time Lee Enterprises has faced cybersecurity challenges. In 2021, the company was targeted by Iranian hackers who compromised its content management system as part of a campaign aimed at spreading disinformation ahead of the 2020 presidential election. This previous incident underscores the ongoing vulnerabilities media organizations face in the digital age.
Financial Implications
The cyberattack comes at a particularly challenging time for Lee Enterprises. The company recently reported a significant financial loss in the last quarter, with a 7% year-over-year decline in earnings and a notable miss on its fourth-quarter forecast. While the company’s Q1 2025 results showed a rise in total digital revenue and digital subscription revenue, the recent cybersecurity incident was not mentioned in the earnings report.
However, a subsequent Form 10-Q filing acknowledged the technology outage due to the cyber incident and stated that the company is actively investigating the incident and assessing its potential impact on operations, financial condition, and internal controls.
Response and Recovery Efforts
Lee Enterprises has notified law enforcement and is working closely with them to investigate the incident. The company is also identifying and implementing additional steps to prevent similar incidents in the future, including enhancing their cybersecurity measures and collaborating with cybersecurity experts.
As the company works to restore its systems, many newspapers are producing smaller or delayed editions. The incident highlights the critical need for robust cybersecurity measures in the media industry, especially given the financial and operational challenges faced by traditional media outlets.
While Lee Enterprises has not provided a timeline for full recovery, the ongoing impact of this cyberattack serves as a stark reminder of the vulnerabilities faced by media organizations in an increasingly digital landscape. As newsrooms across the country struggle to regain their footing, the incident raises important questions about the future of cybersecurity in the media industry and the potential long-term consequences of such attacks on the dissemination of news and information.
