McGraw-Hill has confirmed a limited data breach involving non-sensitive information, attributing the incident to a misconfiguration in a Salesforce-hosted webpage rather than a direct compromise of its internal systems. The company stated that the issue is part of a broader problem affecting multiple organizations using Salesforce’s platform.
According to a McGraw-Hill spokesperson, the company recently identified unauthorized access to a small set of data exposed through a webpage hosted on Salesforce. The spokesperson clarified that the breach did not involve access to McGraw-Hill’s core systems, including its Salesforce accounts, customer databases, courseware, or internal infrastructure.
The incident gained attention after the cybercriminal group ShinyHunters claimed responsibility for stealing 45 million Salesforce-related records. The group also threatened to release the data publicly if a ransom demand was not met by April 14. McGraw-HillMcGraw Hill was listed among several high-profile organizations on the group’s leak site, alongside companies such as Rockstar Games.
Upon discovering the issue, McGraw-Hill stated that it acted quickly to secure the affected webpages and initiate an internal investigation. The company’s preliminary findings indicate that the compromised data is limited in scope and does not include sensitive information such as Social Security numbers, financial data, or student records.
Despite the breach, McGraw-Hill emphasized that the exposure was contained and did not impact critical or confidential datasets. However, the company has not disclosed the number of individuals potentially affected by the incident.
Salesforce also addressed the situation, with a spokesperson stating that there is no evidence suggesting a compromise of its core platform. The company noted that the activity appears unrelated to any known vulnerability within its technology and reiterated that the issue stems from a configuration-related exposure rather than a systemic security failure.
The breach highlights ongoing risks associated with third-party platforms and cloud-based services, where configuration errors can create unintended access points. It also underscores the continued activity of ShinyHunters, a cybercriminal group that has repeatedly targeted Salesforce customers across multiple industries over the past year.
Law enforcement agencies in the United States and the United Kingdom have previously taken action against members of the group following a series of high-profile cyberattacks affecting sectors such as insurance, retail, and aviation. Despite these efforts, the group’s continued activity signals persistent threats facing organizations that rely on interconnected digital ecosystems.
McGraw-Hill stated that it is working closely with Salesforce to strengthen security measures and ensure that similar issues are fully addressed moving forward.
Recommended Cyber Technology News :
- Microsoft, Salesforce Fix AI Agent Data Leak Flaws
- Cyber Attack on LAPD Leads to Police Data Leak Online
- Grafana Fixes AI Bug That Risked Sensitive Data Leak
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
