Lee Enterprises: Cyber-attack could impact ‘financial condition’

Martin Kidston

(Missoula Current) The parent company of Montana's largest newspapers said the crippling cyber-attack that shut down print and digital news services for several days last month has been contained, and the company is working with a security vendor to restore the automation of its business processes.

However, it's not yet known whether hackers accessed personally identifiable information, Lee Enterprises stated. The company owns the Missoulian, the Billings Gazette, the Montana Standard, the Ravalli Republic and the Helena Independent Record, along with publications in 24 other states.

“Our investigation and forensic analysis to determine whether personally identifiable information was taken by the threat actors remains ongoing,” the company reported in a recent filing with the Securities and Exchange Commission. “We expect a definitive answer in the next several days.”

The company announced the ransomware attack in early February after the intrusion left it unable to process portions of its product, including print and online operations. Billing, collections and vendor payments were also impacted, according to the company.

Lee also said the incident was “reasonably likely” to impact the company’s financial results. Berkshire Hathaway has waived the interest payment on the company's pending loan. Doing so will free up roughly $3.7 million to provide “short-term” liquidity as the company looks to recover from the attack, according to Lee.

The Russian-linked Qilin ransomware “gang” has taken credit for the incident.

“The hackers claimed to have obtained 350 Gb of files from Lee Enterprises systems, including “investor records, financial arrangements that raise questions, payments to journalists and publishers, funding for tailored news stories, and approaches to obtaining insider information,” according to Security Week, a cybersecurity news source.

Security Week also reported that Qilin threatened to leak the stolen data on March 5 unless a ransom was paid. The group already has published samples of the stolen data, including screenshots of spreadsheets, passport and driver’s license scans, and corporate documents.

“Some Lee Enterprise employees now being told it might be a good idea to put 'a freeze' on personal credit 'for now' 'in light of recent news,'” Helena Independent Record sports reporter Daniel Shepard posted on X. “Just in case y'all were wondering how things are going. Shouldn't companies be held responsible for allowing info to be compromised?”

In filing it's Form 8-K with the SEC in February, Lee said it was working to shore up liquidity to fund the attack's “remediation efforts and other operations.”

“While the full scope of the financial impact is not yet known, the incident is likely to have a material impact on the company's financial condition and results of operations,” Lee stated.