Newspaper giant Lee Enterprises has reported that personal information belonging to 39,779 people was stolen in a February 2025 ransomware attack which you can read about here.
Jim Routh, Chief Trust Officer at Saviynt had this to say:
“Sophisticated threat actors continue to target enterprises with a high likelihood of making an extortion payment to resume critical operations. Often the threat actors will target an enterprise data replication and recovery infrastructure to create great disincentive to avoid a ransom payment.
“The key for enterprises to avoid these types of attacks is to supplement their privileged access user monitoring system (PAM) with continuous validation based on user behavior analytics. Any significant deviation of pattern by a privileged user results in an automatic revocation of the entitlement operating in milliseconds. Continuous validation is not common for enterprises today, but it offers an essential control to reduce the risk of a ransomware attack causing significant business disruption.”
Roger Grimes, Data-Driven Defense Evangelist at KnowBe4 adds this:
“This seems like a standard, run-of-the-mill ransomware event. It is a little concerning that the breach happened in early February and impacted victims are just learning about the breach 4 months later. That isn’t timely.
“Second, this is the second data breach they suffered. What can they tell customers and employees to allay fears of another breach? Do they know how this breach happened, or the last? What steps are they taking to make sure that further breaches using the same methods or other hacking methods don’t happen again?
“Every company is given one breach forgiveness. But not two. When the second breach happens, customers and victims need to know how the breach happened (likely social engineering, unpatched software or firmware, or weak credentials), and what steps the company is taking to prevent it from happening again. Customers won’t likely give automatic forgiveness for the third breach.”
I will be interested in finding out what actually happened here and what Lee Enterprises will do to stop it from happening again. Hopefully those details actually see the light of day seeing as almost 40,000 people have been affected in this attack.
Like this:
Like Loading...
Related
This entry was posted on June 4, 2025 at 12:49 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Lee Enterprises Discloses That Almost 40K People Have Had Their Information Stolen In A Ransomware Attack
Newspaper giant Lee Enterprises has reported that personal information belonging to 39,779 people was stolen in a February 2025 ransomware attack which you can read about here.
Jim Routh, Chief Trust Officer at Saviynt had this to say:
“Sophisticated threat actors continue to target enterprises with a high likelihood of making an extortion payment to resume critical operations. Often the threat actors will target an enterprise data replication and recovery infrastructure to create great disincentive to avoid a ransom payment.
“The key for enterprises to avoid these types of attacks is to supplement their privileged access user monitoring system (PAM) with continuous validation based on user behavior analytics. Any significant deviation of pattern by a privileged user results in an automatic revocation of the entitlement operating in milliseconds. Continuous validation is not common for enterprises today, but it offers an essential control to reduce the risk of a ransomware attack causing significant business disruption.”
Roger Grimes, Data-Driven Defense Evangelist at KnowBe4 adds this:
“This seems like a standard, run-of-the-mill ransomware event. It is a little concerning that the breach happened in early February and impacted victims are just learning about the breach 4 months later. That isn’t timely.
“Second, this is the second data breach they suffered. What can they tell customers and employees to allay fears of another breach? Do they know how this breach happened, or the last? What steps are they taking to make sure that further breaches using the same methods or other hacking methods don’t happen again?
“Every company is given one breach forgiveness. But not two. When the second breach happens, customers and victims need to know how the breach happened (likely social engineering, unpatched software or firmware, or weak credentials), and what steps the company is taking to prevent it from happening again. Customers won’t likely give automatic forgiveness for the third breach.”
I will be interested in finding out what actually happened here and what Lee Enterprises will do to stop it from happening again. Hopefully those details actually see the light of day seeing as almost 40,000 people have been affected in this attack.
Share this:
Like this:
Related
This entry was posted on June 4, 2025 at 12:49 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.