Lee Enterprises says cybersecurity incident cost millions

Lee Enterprises, a major U.S. regional newspaper publisher, continued to grapple with the aftermath of a ransomware attack attributed to the Qilin gang that disrupted operations across more than 75 newspapers and exfiltrated nearly 350 GB of sensitive data. The breach compromised information of about 39,779 individuals, including names, Social Security numbers, driver’s license details, financial and medical records, and internal corporate documents, prompting the company to issue notifications and offer a year of credit monitoring to those affected. Financial disclosures confirmed that the incident cost Lee Enterprises approximately $2 million in restoration expenses during the second quarter, with most of these costs expected to be recovered through insurance, though claims remained pending. The cyberattack also impaired billing, collections, and vendor payments, contributing to a net loss of $12 million on quarterly revenues of $137 million, while its sole lender, BH Finance linked to Berkshire Hathaway provided relief by waiving interest and rent obligations for March through May to ease liquidity pressures. Alongside these operational and financial challenges, Lee Enterprises faced heightened legal scrutiny, including three new class-action lawsuits from employees alleging inadequate cybersecurity protections and breach disclosures, as well as a $9.5 million settlement in a separate privacy case with subscribers, underscoring the profound financial, legal, and reputational impact of the ransomware strike on one of the nation’s most prominent newspaper groups.