McGraw-Hill confirms data breach following extortion threat

McGraw-Hill has confirmed a data breach resulting from a Salesforce misconfiguration that enabled threat actors to access internal company data. The breach came to light following an extortion demand from the attackers. This incident highlights the significant risks posed by cloud service misconfigurations, particularly in widely-used platforms like Salesforce. The exposed data may include sensitive information from the education company's systems. Organizations leveraging Salesforce or similar CRM platforms should immediately review access controls, audit configurations, and implement least-privilege principles to prevent similar exploitation. McGraw-Hill is working to determine the full scope and impact of the breach.

Education company McGraw-Hill has confirmed in a statement to BleepingComputer that hackers exploited a Salesforce misconfiguration and accessed its internal data. [...]

McGraw-Hill has confirmed a data breach resulting from a Salesforce misconfiguration that enabled threat actors to access internal company data. The breach came to light following an extortion demand from the attackers. This incident highlights the significant risks posed by cloud service misconfigurations, particularly in widely-used platforms like Salesforce. The exposed data may include sensitive information from the education company's systems. Organizations leveraging Salesforce or similar CRM platforms should immediately review access controls, audit configurations, and implement least-privilege principles to prevent similar exploitation. McGraw-Hill is working to determine the full scope and impact of the breach. Education company McGraw-Hill has confirmed in a statement to BleepingComputer that hackers exploited a Salesforce misconfiguration and accessed its internal data. [...] Education company McGraw-Hill has confirmed in a statement to BleepingComputer that hackers exploited a Salesforce misconfiguration and accessed its internal data. [...]