Montana AG Investigates Lee Enterprises Ransomware Attack Impacting 40,000
A ransomware attack on Lee Enterprises, a Davenport, Iowa-based media company, has prompted an investigation by Montana Attorney General Austin Knudsen. The breach, attributed to the Qilin ransomware group, compromised the personal data of nearly 40,000 employees and subscribers earlier this year.
Lee Enterprises owns multiple newspapers in Montana, including the Helena Independent Record, Billings Gazette, Missoulian, and Montana Standard, as well as dozens of other publications nationwide. While the company has not publicly detailed the extent of the exposed data, the incident marks a significant cybersecurity failure for the media organization.
The Montana AG’s office confirmed the investigation on Friday, though official details had not yet been posted on its website at the time of reporting. This follows a broader trend of escalating ransomware attacks, with 2023 seeing record-high incidents and payments, according to a FinCEN report.
The breach adds to a growing list of cyber incidents in 2024, including a second data exposure in seven months at Methodist Homes of Alabama and Northwest Florida and a security lapse at Virginia Urology, where purported patient data began leaking online. Meanwhile, federal authorities secured a conviction against a Nigerian national for wire fraud, aggravated identity theft, and unauthorized computer access, underscoring the global reach of cybercrime.
Lee Enterprises has not yet issued a public statement on the investigation’s status or remediation efforts.
Desjardins cybersecurity rating report: https://www.rankiteo.com/company/desjardins
"id": "DES1767941129",
"linkid": "desjardins",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Nearly 40,000 employees and '
'subscribers',
'industry': 'Publishing, Digital News',
'location': 'Davenport, Iowa, USA',
'name': 'Lee Enterprises',
'type': 'Media Company'},
{'industry': 'Healthcare',
'location': 'Alabama and Northwest Florida, USA',
'name': 'Methodist Homes of Alabama and Northwest '
'Florida',
'type': 'Healthcare Provider'}],
'data_breach': {'number_of_records_exposed': 'Nearly 40,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (personally identifiable '
'information)',
'type_of_data_compromised': 'Personal data'},
'description': 'Lee Enterprises, a Davenport, Iowa-based media company, '
'experienced a ransomware attack by the group Qilin, '
'compromising the personal data of nearly 40,000 employees and '
'subscribers. The Montana Attorney General’s Office is '
'investigating the incident.',
'impact': {'data_compromised': 'Personal data of nearly 40,000 employees and '
'subscribers',
'identity_theft_risk': 'Aggravated identity theft risk (referenced '
'in related case)'},
'investigation_status': 'Ongoing (Montana Attorney General’s investigation)',
'ransomware': {'ransomware_strain': 'Qilin'},
'references': [{'source': 'DataBreaches.net',
'url': 'https://databreaches.net/feed/'},
{'source': 'Montana Attorney General’s Office'}],
'regulatory_compliance': {'legal_actions': 'Montana Attorney General’s '
'investigation'},
'threat_actor': 'Qilin',
'title': 'Lee Enterprises Ransomware Attack and Data Breach',
'type': 'Ransomware, Data Breach'}