Media giant Lee Enterprises confirms cyberattack as news outlets report ongoing disruption

Lee Enterprises, a media giant that owns dozens of newspapers across the United States, has confirmed a cyberattack on its systems is behind ongoing disruption at dozens of newspapers and media outlets across the United States.

In an email shared with customers sent Friday, which TechCrunch has seen, Lee CEO Kevin Mowbray said the company was working to “fully restore our systems” following a cyberattack earlier in the week. 

Tracy Rouch, a spokesperson for Lee Enterprises, confirmed to TechCrunch that the outages were caused by a “cybersecurity event” and that the company was “now focused on determining what information — if any — may have been affected by the situation.”

The spokesperson declined to say if it had received any communication from the hackers, or if it had a timeline for recovery. The company would not say if it has the technical means, such as logs, to determine if any information was accessed or stolen. 

Lee did not describe the nature of the cyberattack, nor would the company comment beyond its email.

Lee is one of the largest newspaper publishers in the U.S. and provides publishing technology and website services to 72 publications, including the St. Louis Post-Dispatch, which broke news of the story on Friday.

The Post-Dispatch said while it had not missed any days of publication, most of this week’s newspaper editions were affected. Some newspapers were smaller on some days, the Post-Dispatch said. 

Several other news outlets reported that they were affected by the cyberattack at Lee, including the Casper Star-Tribune in Wyoming. In a news article on its website, the Star-Tribune said, “many of Lee’s newspapers initially were not able build pages and publish, though the company has been working to print and deliver back issues.” The newspaper’s website warns that the cyberattack may “temporarily affect access to subscription accounts.”

According to a February 3 email sent to all Lee employees, seen by TechCrunch, Lee reported that one of its data centers hosting applications and services used by Lee employees and media outlets were offline, including its systems for subscriber services. 

An email to Lee employees sent later the same day said that its call center applications, some phone lines and other core systems, including its VPN for remote employees and single sign-on for accessing applications, were inaccessible.

The outages have yet to resolve as of Monday. Lee would not make its CISO Rob Hoffpauir available for an interview.

Lee Enterprises released its latest quarterly earnings this week, reporting earnings of $144.6 million for the fiscal first quarter — down 7% year-over-year — but made no reference to the outage or cyberattack.

This is the second known cyberattack on Lee in the past five years. The Wall Street Journal reported in 2021 that Iranian hackers compromised Lee’s content management system as part of a campaign aimed at spreading disinformation ahead of the 2020 presidential election.