Lee Enterprises said it incurred $2 million in restoration costs due to a major cybersecurity attack in February that also impacted second-quarter advertising revenue. 

The Davenport, Iowa-based newspaper chain suffered major disruptions during the February attack, when hackers encrypted critical applications and stole data. 

The company operates in 72 markets in 25 U.S. states, publishing major regional papers, including the Omaha World-Herald, the St. Louis Post-Dispatch and the Buffalo News.

The attack also affected the company’s finances by freezing its ability to bill and collect money from customers and limiting its ability to pay vendors, VP, CFO and treasurer Tim Millage told analysts during a quarterly earnings call last week. 

“While technical recovery is complete, there are some lingering impacts on our balance sheet, as we aim to improve working capital by reducing both accounts receivable and outstanding accounts payable throughout the remainder of the fiscal year,” Millage said during the call. 

The company’s sole lender, BH Finance, agreed to waive interest and basic rent payments in March, April and May, according to Millage. The company has $453 million in debt outstanding under its agreement with BH Finance, according to the earnings report. 

The company said many of the costs are subject to insurance reimbursement and the claims process is ongoing, according to Millage.

Lee Enterprises reported $137 million in total operating revenue for the quarter and said digital revenue rose 3% year-over-year, to $73 million, or 4% on a same-store basis. 

The company reported a net loss of $12 million for the quarter. 

The company previously warned in a regulatory filing that the attack would likely have a material impact on operations. 

The Qilin ransomware group previously claimed credit for the attack. The ransomware-as-a-service team claimed to have access to 350 gigabytes of data and threatened to release some of the information, but it is unclear if it did so.

A spokesperson for Lee Enterprises previously confirmed they were aware of the claim and were investigating. 

Qilin has been active in the ransomware space in recent months. Qilin affiliates engaged in phishing attacks targeting an administrator at a managed service provider, Sophos said in an April report.

Lee Enterprises has not explained how the hackers gained access to the company’s IT network.

The financial fallout underscores the potential long-term impacts on business resilience, according to Forrester, as research shows the average breach cost $2.7 million in 2024.

“It’s critical to have strong incident response processes in place to manage the fallout from an incident like this, especially against attacks that affect business continuity,” principal analyst Allie Mellen said via email. “In these scenarios, every minute counts, and ensuring personnel know what they need to do and when they need to do it can save precious time. This is especially true during ransomware incidents.”