Lee Enterprises Suffers Qilin Ransomware Attack, Exposing Nearly 40,000 Individuals’ Data
In February, U.S. local newspaper publisher Lee Enterprises fell victim to a Qilin ransomware-as-a-service (RaaS) attack, resulting in the compromise of sensitive data belonging to 39,779 individuals, including Social Security numbers. The breach, which involved the exfiltration of 350 GB of data, disrupted both online and print production for several of the company’s local newspapers.
The data exposure was only confirmed on May 28, nearly four months after the initial intrusion, according to breach notification letters sent to affected individuals and filed with Maine regulators. In response, Lee Enterprises is offering one year of complimentary credit monitoring to impacted individuals and has pledged to cooperate in investigations to hold the attackers accountable.
The attack has had significant financial repercussions for the company, which reported spending $2 million on recovery efforts and experiencing severe disruptions to its advertising revenue. The incident underscores the growing threat of RaaS operations targeting critical infrastructure and media organizations.
Source: https://www.scworld.com/brief/almost-40k-impacted-by-lee-enterprises-ransomware-attack
The Buffalo News cybersecurity rating report: https://www.rankiteo.com/company/thebuffalonews
"id": "THE1765256680",
"linkid": "thebuffalonews",
"type": "Ransomware",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '39,779 individuals',
'industry': 'Media',
'location': 'U.S.',
'name': 'Lee Enterprises',
'type': 'Newspaper Publisher'}],
'customer_advisories': 'Breach notification letters provided to impacted '
'individuals; offering one year of complimentary '
'credit monitoring services',
'data_breach': {'data_exfiltration': '350 GB of data exfiltrated',
'number_of_records_exposed': '39,779',
'personally_identifiable_information': 'Social Security '
'numbers',
'sensitivity_of_data': 'High (Social Security numbers)',
'type_of_data_compromised': 'Personally Identifiable '
'Information (PII)'},
'date_detected': '2024-05-28',
'description': 'Major U.S. local newspaper publisher Lee Enterprises had '
'information from 39,779 individuals, including their Social '
'Security numbers, compromised as a result of an attack by the '
'Qilin ransomware-as-a-service operation in February. The '
'attack allegedly led to the exfiltration of 350 GB of data.',
'impact': {'data_compromised': '350 GB of data',
'financial_loss': '$2 million (recovery costs)',
'identity_theft_risk': 'High (Social Security numbers exposed)',
'operational_impact': 'Disrupted online and print production of '
'several U.S. local newspapers',
'revenue_loss': 'Severely impacted advertising revenue',
'systems_affected': 'Online and print production systems'},
'investigation_status': 'Ongoing (collaborating in further investigations)',
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Qilin'},
'references': [{'source': 'The Record (Recorded Future)'}],
'regulatory_compliance': {'regulatory_notifications': 'Maine regulators '
'notified'},
'response': {'communication_strategy': 'Breach notification letters provided '
'to impacted individuals and Maine '
'regulators',
'recovery_measures': 'Spent $2 million on recovery efforts'},
'threat_actor': 'Qilin ransomware-as-a-service operation',
'title': 'Lee Enterprises Data Breach by Qilin Ransomware',
'type': 'Ransomware'}