DAVENPORT, Iowa — Lee Enterprises, the parent company of the Arizona Daily Star and the St. Louis Post-Dispatch, has disclosed that the personal information of nearly 40,000 people “may have been accessed or acquired” in a February cyberattack.
The hack hobbled the company’s newspapers for weeks and caused it to delay several debt payments.
The company sent an email to employees Wednesday saying it had completed its investigation into the Feb. 3 breach, and that some employees may have had their personal information compromised.
It also began sending letters to state attorneys general informing them of the impact on consumers, who may have had their information stolen.
Lee employs about 3,000 people at newspapers and other publications in 70 markets, according to securities filings.
People are also reading…
It’s unclear if the 40,000 include subscribers, vendors or others.
The breadth of the impact was first reported by British technology news service The Register.
In a letter sent Tuesday to the Maine Attorney General, Lee said it discovered May 28 that personal information had been accessed and taken during the hack. It told that state that 39,779 people were affected, though only a handful in Maine itself.
The company said it had informed affected individuals in that state and was providing free credit monitoring services for a year to those people. It was unclear if they were employees or subscribers.
The company said it will send personal letters to those impacted.
Personal information of nearly 40,000 people “may have been accessed or acquired” in a February cyberattack that affected the Arizona Daily Star and other publications of parent company Lee Enterprises, the company has disclosed.
The hack caused some of Lee’s newspapers to miss print publication for days.
While the Post-Dispatch, Lee’s largest paper, was able to print every day, the breach disrupted operations for weeks.
Similarly, the Star was able to maintain its daily publication schedule, but its print editions were significantly condensed for weeks.
The company disclosed the breach to federal securities regulators on Feb 18, two weeks after the hack.
Lee has delayed interest payments to its sole lender, Berkshire Hathaway Finance, in March, April and May, freeing up over $10 million in capital to recover from the breach.
Berkshire Hathaway Finance has allowed the delays and added the interest onto Lee’s roughly $450 million in debt, but in exchange, it amended its agreement with Lee to allow it to begin selling off some of the debt.
Lee told employees in the internal email on Wednesday that those who were affected would receive free identity theft protection services.
The company’s chief legal officer, Astrid Garcia, referred comment to a spokeswoman when asked how many employees, subscribers or others were impacted. The spokeswoman did not immediately respond.
