Breach taxonomy
Summary
On February 3, 2025, Lee Enterprises experienced a systems outage when threat actors accessed the network, encrypted critical applications, and exfiltrated certain files. Distribution of print publications, billing, collections, and vendor payments were disrupted; online operations were partially limited. By the February 12 filing date, core products had been restored to normal distribution, but weekly and ancillary products (5% of revenue) remained offline with phased recovery anticipated over several weeks. The incident is expected to have a material financial impact; Lee holds a comprehensive cybersecurity insurance policy covering incident response, forensics, business interruption, and regulatory fines.
Tagging rationale
ThreatUnknown
Filing refers to 'threat actors' without naming or categorizing the actor type -> UNKNOWN.
MethodsRansomwareData Exfil
Filing confirms 'threat actors...encrypted critical applications' (ransomware) and 'exfiltrated certain files' (data exfiltration) -> RANSOMWARE + DATA-EXFIL.
AssetsRevenue ProcessPersonal Data
Encrypted applications disrupted distribution, billing, collections, and vendor payments (revenue processes); filing also notes investigation into whether PII was compromised -> REVENUE-PROCESS and PERSONAL-DATA.
EffectsBiz InterruptionCyber ExtortionInfo Privacy Loss
Distribution, billing, and collections were disrupted (BIZ-INTERRUPTION); ransomware with encryption implies cyber extortion demand (CYBER-EXTORTION); PII exfiltration under investigation (INFO-PRIVACY-LOSS).
Business continuityPartial
Filing states core products restored by Feb 12 with temporary manual measures, but weekly/ancillary products (5% of revenue) not yet restored and phased recovery anticipated over 'next several weeks' -> Partial.
Impact
Ransomware with data exfiltration at a newspaper publisher; multi-week disruption affecting distribution, billing, and ~5% of revenue; material financial impact expected; insurance coverage in place -> score 3.
InsuranceYes
Filing states 'Lee maintains a comprehensive cybersecurity insurance policy, which covers costs associated with incident response, forensic investigations, business interruption, and regulatory fines' -> true.
Read the original SEC filing excerpt
Item 1.05 Material Cybersecurity Incident. On February 3, 2025, Lee Enterprises, Inc. ("Lee" or the "Company") experienced a systems outage caused by a cybersecurity attack. Upon discovery, Lee activated its incident response team, comprised of internal personnel and external cybersecurity experts retained to assist in addressing the incident. Preliminary investigations indicate that threat actors unlawfully accessed the Company's network, encrypted critical applications, and exfiltrated certain files. The Company is actively conducting forensic analysis to determine whether sensitive data or personally identifiable information (PII) was compromised. At this time, no conclusive evidence has been identified, but the investigation remains ongoing. In coordination with legal counsel, the Company has notified the relevant law enforcement about the matter, and will notify relevant federal and state regulatory bodies, and applicable consumer protection agencies, as necessary. The incident impacted the Company's operations, including distribution of products, billing, collections, and vendor payments. Distribution of print publications across our portfolio of products experienced delays, and online operations were partially limited. As of February 12, 2025, all core products are being distributed in the normal cadence, however weekly and ancillary products have not been restored. These products represent five-percent of the Company's total operating revenue. The Company anticipates a phased recovery over the next several weeks. Lee has implemented temporary measures, including manual processing of transactions and alternative distribution channels, to maintain critical business functions while systems are being restored. While the full scope of the financial impact is not yet known, the incident is reasonably likely to have a material impact on the Company's financial condition or results of operations. The Company is continuing its forensic investigation and analysis to assess the potential impact. Lee maintains a comprehensive cybersecurity insurance policy, which covers costs associated with incident response, forensic investigations, business interruption, and regulatory fines, subject to policy limits and deductibles.