Read the original SEC filing excerpt
Item 1.05 Material Cybersecurity Incident. On February 3, 2025, Lee Enterprises, Inc. ("Lee" or the "Company") experienced a systems outage caused by a cybersecurity attack. Upon discovery, Lee activated its incident response team, comprised of internal personnel and external cybersecurity experts retained to assist in addressing the incident. Preliminary investigations indicate that threat actors unlawfully accessed the Company's network, encrypted critical applications, and exfiltrated certain files. The Company is actively conducting forensic analysis to determine whether sensitive data or personally identifiable information (PII) was compromised. At this time, no conclusive evidence has been identified, but the investigation remains ongoing. In coordination with legal counsel, the Company has notified the relevant law enforcement about the matter, and will notify relevant federal and state regulatory bodies, and applicable consumer protection agencies, as necessary. The incident impacted the Company's operations, including distribution of products, billing, collections, and vendor payments. Distribution of print publications across our portfolio of products experienced delays, and online operations were partially limited. As of February 12, 2025, all core products are being distributed in the normal cadence, however weekly and ancillary products have not been restored. These products represent five-percent of the Company's total operating revenue. The Company anticipates a phased recovery over the next several weeks. Lee has implemented temporary measures, including manual processing of transactions and alternative distribution channels, to maintain critical business functions while systems are being restored. While the full scope of the financial impact is not yet known, the incident is reasonably likely to have a material impact on the Company's financial condition or results of operations. The Company is continuing its forensic investigation and analysis to assess the potential impact. Lee maintains a comprehensive cybersecurity insurance policy, which covers costs associated with incident response, forensic investigations, business interruption, and regulatory fines, subject to policy limits and deductibles.