• by Ray Schultz , June 4, 2025

Lee Enterprises has revealed that the cyber attack it was hit with in February exposed personal data on 39,779 individuals, including their first and last names and Social Security numbers. 

The company reported the data leak on Tuesday in a filing with the Maine Attorney General. The incident affected data on 13 Maine residents. 

“On or around May 28, 2025, Lee learned that personal information of certain individuals was potentially accessed without authorization,” said a letter to Maine Attorney General Aaron Frey from Jason Cherry, partner in Constangy Brooks, Smith & Prophete. 

Lee has notified the affected individuals, offering access to credit monitoring services for 12 months through IDX at no cost. It is also working with law enforcement. 

The company revealed in February that it was “experiencing companywide technology issues that have impacted our ability to prepare and publish some of our newspapers and online e-editions. We are working to correct the issue."

Commenting on the hacking episode in a financial filing earlier this month, Kevin Mowbray, president and chief executive officer of Lee Enterprises. “We incurred $2 million in restoration costs in the quarter related to the cyber incident, and second quarter advertising revenue was impacted as our product portfolio was limited for a period of time." 

The Qilin ransomware group has admitted it was the perpetrator of the cyber attack.