Ransomware operators are threatening media giant Lee Enterprises, saying they’ll leak highly sensitive data after a breach in early February if they don’t get a payout.
Lee Enterprises is a publicly traded US media company, a provider of local news and information, and a major platform for advertising. It publishes more than 70 newspapers in 25 states, more than 350 weekly or specialty publications, and has 1 million newspaper subscribers.
In its latest 8-K filing with the Securities and Exchange Commission, the company disclosed that hackers breached its IT network.
According to the 8-K form, “On February 3, 2025, Lee Enterprises […] experienced a systems outage caused by a cybersecurity attack. Upon discovery, Lee activated its incident response team, comprised of internal personnel and external cybersecurity experts retained to assist in addressing the incident.”
Investigators have determined that “threat actors unlawfully accessed the Company’s network, encrypted critical applications, and exfiltrated certain files.”
The hack affected distribution of products, billing, collections, and vendor payments, while distribution of print publications experienced delays, and online operations were partially limited. As of Feb. 12, most of Lee Enterprises’ core products are back to normal distribution. Weekly and ancillary products have not yet been restored.
The notice says the firm continues to investigate, with the help of digital forensics experts, to determine whether any “sensitive data or personally identifiable information (PII)” was caught up in the breach.
“At this time, no conclusive evidence has been identified, but the investigation remains ongoing,” the filing, dated Feb. 12, adds. […] “While the full scope of the financial impact is not yet known, the incident is reasonably likely to have a material impact on the Company’s financial condition or results of operations.”
If claims made by the Qilin ransomware crew are any indication, Lee Enterprises indeed faces a costly ordeal going forward.
Hackers with the Qilin ransomware operation recently claimed responsibility for the attack, leaking a handful of sample files and threatening to leak more, including highly revealing files, if Lee fails to comply with their demands.
From Qilin’s Tor leak site:
All data will be published on March 5, 2025. We are preparing to share sensitive data with the public that could shed new light on Lee Enterprises, a prominent newspaper publishing firm active across all U.S. states. The documents we hold about Lee Enterprises reveal details worth noting—investor records, financial arrangements that raise questions, payments to journalists and publishers, funding for tailored news stories, and approaches to obtaining insider information. This is a story that merits attention. Headquartered in Davenport, Iowa, and listed on Nasdaq under the ticker LEE, Lee Enterprises describes itself as a leading source of trusted local news and information, with robust digital platforms and innovative advertising solutions. By focusing on local audiences, they claim strong reader connections, stability amid economic shifts, and a top rank in digital marketing and content services. Yet, the information we’ve uncovered might offer a different perspective. Watch this space—Lee Enterprises is aware of what’s in play.
Qilin advertises 350GB of data pilfered from Lee Enterprises’ network
Source: BleepingComputer
Upon inquiry, a spokesperson for Lee Enterprises told BleepingComputer: “We are aware of the claims and are currently investigating them.”
In its 8-K filing, Lee assures investors that the firm’s cybersecurity insurance covers such incidents. The company also says it “will provide updated guidance once a full assessment is completed.”
Considering Qilin’s sensational claims about the sensitive nature of the data they’re about to leak, the demands could be sky-high.
Qilin’s wording indicates that Lee and the hackers are negotiating a ransom payment.
If you’re a subscriber with one of Lee’s branches, keep an eye out for suspicious emails or texts citing your personal data. Anyone affected by a data breach should consider a data monitoring service.
Bitdefender Digital Identity Protection lets you find out if your data has leaked online, what type of information was compromised, what risks you face, and whether your information is up for sale on the dark web.
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.