Is your local news at risk? News outlet owner hit with $9.5M privacy settlement and new lawsuits
- Replies 0
It’s been a rough year for local journalism—and not just because of shrinking newsrooms or the shift to digital.
Lee Enterprises, the Iowa-based company behind the St. Louis Post-Dispatch and more than 70 other newspapers across the country, is now facing serious legal and financial fallout.
The company has agreed to pay $9.5 million to settle a privacy lawsuit brought by subscribers.
At the same time, it’s facing three new class action lawsuits from employees over a significant data breach.
If you’re a reader or former employee, you may be wondering what this means for your personal information—and for the future of your local newspaper.
At the center of the storm is a proposed $9.5 million settlement between Lee Enterprises and subscribers who accused the company of violating their privacy rights.
The class action lawsuit alleges that Lee’s websites were quietly sharing personal data with Facebook—specifically, what videos subscribers watched—without properly informing them or securing consent.
The case includes nearly 1.53 million paid subscribers who viewed video content on Lee-owned websites between December 2020 and March 2025.
According to the complaint, this type of data-sharing could have allowed Facebook or other parties to identify which videos individual users had watched, making private browsing habits suddenly traceable.
In addition to the financial payout, Lee has agreed to make changes to its business practices to better protect subscriber data and improve transparency going forward.
While the settlement still needs final court approval, it’s already being seen as a significant win for consumer privacy.
Just as the subscriber lawsuit nears resolution, Lee Enterprises is now facing a second legal wave.
Three new proposed class actions, filed in the Southern District of Iowa, accuse the company of failing to protect its own employees’ sensitive information in a February 2025 cyberattack.
The plaintiffs—current and former employees—claim that Lee neglected basic cybersecurity protections that could have prevented the breach.
According to the lawsuits, data exposed in the attack included names, Social Security numbers, financial records, and even medical information.
The legal complaints cite negligence, breach of implied contract, unjust enrichment, and invasion of privacy.
They also criticize Lee’s response, calling the notification letters vague and inadequate.
One plaintiff described the company’s disclosure as “no real disclosure at all.”
The February breach was claimed by the Qilin ransomware group, a known cybercriminal organization.
They assert they accessed 350 gigabytes of sensitive company data, including contracts, spreadsheets, NDAs, and more.
Reports filed with the SEC and the Maine attorney general indicate that the breach affected more than 39,000 individuals.
In addition to the legal consequences, the breach has had a direct impact on operations—Lee disclosed that it spent $2 million on system restoration and experienced disruptions in billing and vendor payments.
This isn’t the company’s first run-in with hackers. In 2020, Iranian operatives reportedly breached Lee’s systems during a disinformation campaign tied to that year’s presidential election.
Two Iranian nationals were later charged in connection with the attack, which involved computer fraud, voter intimidation, and threats across state lines.
That case remains open.
If you’re one of the affected 1.53 million subscribers, you may be eligible for compensation once the settlement is finalized.
And if you’re a current or former employee, you may want to take extra steps—like monitoring your credit and identity—in case your information was compromised in the February breach.
The broader takeaway is clear: Companies that manage personal data must step up.
Subscribers and staff alike deserve better protections, especially as cyberattacks become more frequent and more sophisticated.
These lawsuits and security failures come at a time when many local newspapers are already struggling to stay afloat.
For Lee Enterprises, legal settlements and cyber-related costs could mean tighter margins, less room for investment, and potentially more staff cuts.
It raises hard questions: How will added financial strain affect your local newsroom? Will community coverage suffer? And can publishers balance the cost of cybersecurity with the mission of delivering essential local news?
At the same time, these events may push media companies to finally prioritize privacy, transparency, and digital security—a shift that’s long overdue in an industry that manages so much user data.
As legal challenges and cybersecurity risks continue to mount, the story unfolding at Lee Enterprises is a reminder of how high the stakes have become for both media companies and the communities they serve.
Whether it’s protecting subscriber trust or ensuring employee safety, the future of local journalism may depend on how seriously news organizations take their responsibility in a digital age.
Read next: Exposed: The landlord accused of putting renters at risk—see what the city is doing
Have you ever been affected by a data breach—at work, through a subscription, or elsewhere? Do you think companies are doing enough to safeguard your privacy? And how important is local journalism to you in a digital world?
We’d love to hear your experiences, thoughts, and concerns in the comments below. Your voice matters—especially when it comes to shaping the future of the news we all rely on.
Lee Enterprises, the Iowa-based company behind the St. Louis Post-Dispatch and more than 70 other newspapers across the country, is now facing serious legal and financial fallout.
The company has agreed to pay $9.5 million to settle a privacy lawsuit brought by subscribers.
At the same time, it’s facing three new class action lawsuits from employees over a significant data breach.
If you’re a reader or former employee, you may be wondering what this means for your personal information—and for the future of your local newspaper.
Lee Enterprises faces mounting legal and cybersecurity challenges impacting readers and employees across the country. Image Source: Pexels / Sora Shimazaki.
A costly privacy settlement for subscribers
At the center of the storm is a proposed $9.5 million settlement between Lee Enterprises and subscribers who accused the company of violating their privacy rights.
The class action lawsuit alleges that Lee’s websites were quietly sharing personal data with Facebook—specifically, what videos subscribers watched—without properly informing them or securing consent.
The case includes nearly 1.53 million paid subscribers who viewed video content on Lee-owned websites between December 2020 and March 2025.
According to the complaint, this type of data-sharing could have allowed Facebook or other parties to identify which videos individual users had watched, making private browsing habits suddenly traceable.
In addition to the financial payout, Lee has agreed to make changes to its business practices to better protect subscriber data and improve transparency going forward.
While the settlement still needs final court approval, it’s already being seen as a significant win for consumer privacy.
Also read: A major news outlet just regained White House access—what it could mean for press freedom
Three new lawsuits—this time from employees
Just as the subscriber lawsuit nears resolution, Lee Enterprises is now facing a second legal wave.
Three new proposed class actions, filed in the Southern District of Iowa, accuse the company of failing to protect its own employees’ sensitive information in a February 2025 cyberattack.
The plaintiffs—current and former employees—claim that Lee neglected basic cybersecurity protections that could have prevented the breach.
According to the lawsuits, data exposed in the attack included names, Social Security numbers, financial records, and even medical information.
The legal complaints cite negligence, breach of implied contract, unjust enrichment, and invasion of privacy.
They also criticize Lee’s response, calling the notification letters vague and inadequate.
One plaintiff described the company’s disclosure as “no real disclosure at all.”
Also read: Smokey Robinson faces $50M lawsuit filed by former employees
The cyberattack: what we know
The February breach was claimed by the Qilin ransomware group, a known cybercriminal organization.
They assert they accessed 350 gigabytes of sensitive company data, including contracts, spreadsheets, NDAs, and more.
Reports filed with the SEC and the Maine attorney general indicate that the breach affected more than 39,000 individuals.
In addition to the legal consequences, the breach has had a direct impact on operations—Lee disclosed that it spent $2 million on system restoration and experienced disruptions in billing and vendor payments.
Also read: Are Girl Scout cookies unsafe? What you need to know about the shocking lawsuit
Not Lee’s first cyber incident
This isn’t the company’s first run-in with hackers. In 2020, Iranian operatives reportedly breached Lee’s systems during a disinformation campaign tied to that year’s presidential election.
Two Iranian nationals were later charged in connection with the attack, which involved computer fraud, voter intimidation, and threats across state lines.
That case remains open.
Also read: 10,000 lies and a lawsuit—Google takes action against scammers
What it means for readers and employees
If you’re one of the affected 1.53 million subscribers, you may be eligible for compensation once the settlement is finalized.
And if you’re a current or former employee, you may want to take extra steps—like monitoring your credit and identity—in case your information was compromised in the February breach.
The broader takeaway is clear: Companies that manage personal data must step up.
Subscribers and staff alike deserve better protections, especially as cyberattacks become more frequent and more sophisticated.
Also read: Target hit with lawsuit over alleged privacy violations
A warning sign for local news
These lawsuits and security failures come at a time when many local newspapers are already struggling to stay afloat.
For Lee Enterprises, legal settlements and cyber-related costs could mean tighter margins, less room for investment, and potentially more staff cuts.
It raises hard questions: How will added financial strain affect your local newsroom? Will community coverage suffer? And can publishers balance the cost of cybersecurity with the mission of delivering essential local news?
At the same time, these events may push media companies to finally prioritize privacy, transparency, and digital security—a shift that’s long overdue in an industry that manages so much user data.
What you can do
- If you’re a subscriber, look out for updates on the settlement and check if you’re eligible to file a claim.
- If you’re a current or former employee, consider enrolling in identity protection services and monitor your financial accounts for unusual activity.
- For everyone, this is a good reminder to review your online privacy settings and stay informed about where and how your data is being shared.
As legal challenges and cybersecurity risks continue to mount, the story unfolding at Lee Enterprises is a reminder of how high the stakes have become for both media companies and the communities they serve.
Whether it’s protecting subscriber trust or ensuring employee safety, the future of local journalism may depend on how seriously news organizations take their responsibility in a digital age.
Read next: Exposed: The landlord accused of putting renters at risk—see what the city is doing
Have you ever been affected by a data breach—at work, through a subscription, or elsewhere? Do you think companies are doing enough to safeguard your privacy? And how important is local journalism to you in a digital world?
We’d love to hear your experiences, thoughts, and concerns in the comments below. Your voice matters—especially when it comes to shaping the future of the news we all rely on.
