Lee Enterprises has provided new details about what it says was a cybersecurity attack that began disrupting its newspaper operations in Virginia and elsewhere more than two weeks ago.
The company (NASDAQ:LEE) said in a filing with the U.S. Securities and Exchange Commission that the Feb. 3 incident “impacted the Company’s operations, including distribution of products, billing, collections, and vendor payments.”
The filing was dated Feb. 14 and posted to the SEC website on Tuesday.
“Distribution of print publications across our portfolio of products experienced delays, and online operations were partially limited,” the company said. “As of February 12, 2025, all core products are being distributed in the normal cadence, however weekly and ancillary products have not been restored.”
Those products represent 5% of Lee’s operating revenue. The company “anticipates a phased recovery over the next several weeks.”
When the cyberattack happened, “threat actors unlawfully accessed the Company’s network, encrypted critical applications, and exfiltrated certain files,” Lee said.
“The Company is actively conducting forensic analysis to determine whether sensitive data or personally identifiable information (PII) was compromised. At this time, no conclusive evidence has been identified, but the investigation remains ongoing,” Lee said.
The company said that it has worked with its lawyers to notify law enforcement and will notify “relevant federal and state regulatory bodies, and applicable consumer protection agencies, as necessary.”
Lee Enterprises owns newspapers in Virginia and two dozen other states. In Virginia, Lee owns newspapers in Bristol, Culpeper, Charlottesville, Danville, Fredericksburg, Lynchburg, Martinsville, Roanoke, Richmond and Waynesboro. Its weekly newspapers include the Amherst New Era-Progress and the Nelson County Times.
Not all Lee newspapers publish a printed edition daily. In 2023, the Bristol, Culpeper, Charlottesville, Danville, Martinsville and Waynesboro papers joined about three dozen others in reducing their schedules to print only three days a week.
In the days immediately following the cyberattack, some newspapers were unable to deliver print editions on time. E-editions, which are digital replicas of print editions, were missing their front pages and inside pages of local news, although some pages of puzzles and advertisements were available.
Lee first publicly confirmed that the problems were caused by a “cybersecurity event” in a story published online on Feb. 7, four days after the attack, and in multiple print editions the following day.
As of Tuesday, many of Lee’s 70-plus newspaper website homepages displayed messages saying that the company’s systems are undergoing “maintenance.”
Some newspapers carried notices saying that because of “serious technical outages” across the company, their print edition’s layout was temporarily reconfigured.
Customers’ access to online accounts and subscription services has also been impacted.
The company said in its SEC filing that it has implemented temporary measures, including manual processing of transactions and “alternative distribution channels” to handle critical business functions.
“While the full scope of the financial impact is not yet known, the incident is reasonably likely to have a material impact on the Company’s financial condition or results of operations. The Company is continuing its forensic investigation and analysis to assess the potential impact,” Lee said.
Lee said it carries a “comprehensive cybersecurity insurance policy” and will provide further guidance once its assessment is complete.
On Feb. 6, Davenport, Iowa-based Lee Enterprises reported a first-quarter net loss of $16 million on $145 million of total operating revenue.
