Cyber Incident Victim: Lee Enterprises
Date:
Jan 2025
Location:
United States of America
Summary
A cybersecurity event disrupted Lee Enterprises' newspaper production systems, causing significant technical issues that delayed print deliveries and forced reduced editions in multiple markets. Digital access to E-Editions, subscription services, and online accounts was temporarily unavailable, with homepages displaying system delay messages. The company's CEO confirmed the incident was under investigation with law enforcement involvement and acknowledged efforts to determine potential data compromise. Operational impacts included partial digital content availability and reliance on alternative publishing methods for local news distribution across affected regions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 4, 2025, Lee Enterprises experienced widespread technical disruptions affecting print and digital newspaper operations across its portfolio of over 70 news outlets in Virginia and 24 other states. The incident prevented the publication of Tuesday’s print editions in multiple markets, including all ten Virginia-based newspapers owned by the company—Bristol, Culpeper, Charlottesville, Danville, Fredericksburg, Lynchburg, Martinsville, Roanoke, Richmond, and Waynesboro. Digital platforms were similarly impacted, with E-Editions (online replicas of print papers) displaying incomplete content—typically puzzles, comics, and advertisements—while lacking front pages and local news sections. Homepages across Lee’s websites displayed messages citing "system delays," "a server outage," or "companywide technology issues," while subscription and account management portals became inaccessible, erroneously attributed to "maintenance." Circulation disruptions affected over 50,000 combined print copies in Virginia alone on days when all papers produced physical editions, with many markets unable to distribute any Tuesday print product. Newsrooms mitigated the outage by publishing standalone local stories directly on homepage sections and social media platforms.
Lee Enterprises CEO Kevin Mowbray confirmed by February 8 that the disruptions stemmed from a "cybersecurity event," though the company declined to specify the attack vector, perpetrator, or intrusion timeline. Law enforcement agencies were notified, but the investigation remained ongoing with no public attribution or confirmation of data compromise. Mowbray stated the company was focused on determining whether any information was affected but offered no estimated resolution timeline for restored operations. The technical failures forced multiple newspapers to publish reduced print editions with fewer features, extending delivery delays beyond the initial outage window. No ransomware claims or explicit threats were disclosed publicly, and the company did not respond to media requests for additional technical details regarding system recovery efforts or forensic findings.