Cyberattack likely to have ‘material impact’ on media giant Lee Enterprises’ bottom line

Media conglomerate Lee Enterprises told regulators on Friday that hackers had stolen files and encrypted “critical applications” as part of an incident that impacted the operations of dozens of newspapers nationwide.

Beginning in early February, deliveries of the print editions of some of Lee Enterprises newspapers — which include the St. Louis Post-Dispatch, Arizona Daily Star and dozens of others — were disrupted. The publications posted identical statements on their websites and in newspapers about a cyber incident. 

In a filing to the Securities and Exchange Commission on Friday, the company shed more light on the severity of the cyberattack, which is still unresolved. While they do not explicitly say the incident involved ransomware, it bears the hallmarks of such an attack. 

“Preliminary investigations indicate that threat actors unlawfully accessed the Company’s network, encrypted critical applications, and exfiltrated certain files,” they said. “The incident impacted the Company’s operations, including distribution of products, billing, collections, and vendor payments. Distribution of print publications across our portfolio of products experienced delays, and online operations were partially limited.”

“Core products” are being delivered to subscribers as scheduled, but “weekly and ancillary products” — which make up 5% of operating revenue — are still disrupted. A “phased recovery” is likely over the next few weeks, the company said.

“While the full scope of the financial impact is not yet known, the incident is reasonably likely to have a material impact on the Company’s financial condition or results of operations,” they told regulators. “The Company is continuing its forensic investigation and analysis to assess the potential impact.”

Lee Enterprises is the parent company of 72 newspapers, as well as nearly 350 weekly and specialty publications across 25 states. 

The incident follows several other high-profile cyberattacks on news outlets in recent years that have disrupted operations, including a 2021 ransomware attack that stopped the presses at 78 Norwegian newspapers owned by the company Amedia. In December 2022, the Guardian temporarily shuttered its newsroom after it detected an incident. The company later said hackers had accessed staff data.