Lee Enterprises Data Breach Affects 39,779 Individuals

Lee Enterprises discovered a major cybersecurity incident that exposed the personal information of 39,779 individuals across the United States, including 13 residents of Maine and 17 in New Hampshire. The data breach involved unauthorized access to personally identifiable information (PII).

The data incident originated from a ransomware attack carried out by the Qilin group, a known threat actor in the cybercriminal community. The initial suspicious activity was detected by Lee Enterprises on February 3, 2025.

Lee Enterprises disclosed the incident to the Securities and Exchange Commission (SEC) on February 12, 2025. On May 28, 2025 it was determined that Social Security numbers and names were compromised in the data breach.

The Maine Attorney General's office and New Hampshire Attorney General's office were notified on June 3, 2025. The Oregon Attorney General's office was notified on June 4, 2025 and the Vermont Attorney General's office was notified on June 5, 2025.

Lee Enterprises's response

After discovering the data breach, Lee Enterprises filed a disclosure with the Securities and Exchange Commission and filed a notice with the Maine Attorney General's office. Written notice of the cybersecurity event was provided to the affected individuals.

If you received a data breach notification letter from Lee Enterprises, you can take the following steps:

• Enroll in the free IDX identity protection services offered Lee Enterprises.
• Monitor credit reports and account statements for suspicious activity.
• Consider placing a fraud alert or security freeze on your credit file.
• Be cautious of phishing attempts or suspicious communications referencing this breach.

Lee Enterprises has also set up a dedicated helpline for individuals affected by the data breach at 1-855-200-0677.

For more information about the company, visit the Lee Enterprises website.