Lee Enterprises Data Breach Affects 39,779 Individuals

Lee Enterprises discovered a major cybersecurity incident that exposed the personal information of 39,779 individuals across the United States, including 13 residents of Maine 17 in New Hampshire, and 986 in Texas. The data breach involved unauthorized access to personally identifiable information (PII).

The data incident originated from a ransomware attack carried out by the Qilin group, a known threat actor in the cybercriminal community. The initial suspicious activity was detected by Lee Enterprises on February 3, 2025.

Lee Enterprises disclosed the incident to the Securities and Exchange Commission (SEC) on February 12, 2025. On May 28, 2025 it was determined that Social Security numbers and names were compromised in the data breach.

The Maine, Montana, New Hampshire, California, Oregon, Vermont, Massachusetts and Texas Attorney Generals' offices were notified beginning on June 3, 2025. Affected individuals include 13 Mainers, 55 Massachusetts residents, 1,542 Montana residents, 986 Texans and 17 New Hampshire residents.

Lee Enterprises's response

After discovering the data breach, Lee Enterprises filed a disclosure with the Securities and Exchange Commission and filed a notice with the Maine Attorney General's office. Written notice of the cybersecurity event was provided to the affected individuals.

If you received a data breach notification letter from Lee Enterprises, you can take the following steps:

• Enroll in the free IDX identity protection services offered Lee Enterprises.
• Monitor credit reports and account statements for suspicious activity.
• Consider placing a fraud alert or security freeze on your credit file.
• Be cautious of phishing attempts or suspicious communications referencing this breach.

Lee Enterprises has also set up a dedicated helpline for individuals affected by the data breach at 1-855-200-0677.

For more information about the company, visit the Lee Enterprises website.