McGraw-Hill Data Breach Confirmed After Extortion Threat

A significant data breach at McGraw Hill has been confirmed following an extortion threat from a cybercriminal group. The education and publishing giant acknowledged that attackers gained access to internal systems by exploiting a misconfiguration in its Salesforce environment. This incident underscores the persistent threat posed by third-party software vulnerabilities and the critical need for robust configuration management.

The company stated that the unauthorized access was identified and contained promptly. An investigation determined that the breach did not impact any student-facing platforms, including the ALEKS or Connect learning systems. According to McGraw Hill, no sensitive student information, such as grades or assessment data, was compromised. The accessed data reportedly consisted of internal corporate files.

This breach came to light after a ransomware group known as INC Ransom claimed responsibility. The group allegedly stole approximately 4.7 terabytes of data and attempted to extort the company before publishing a sample of the files on its dark web leak site. The published sample appeared to contain internal corporate documents, lending credibility to the group’s claims.

In its official statement, McGraw Hill emphasized its commitment to data security and confirmed it is cooperating with law enforcement. The company also noted it has taken steps to remediate the vulnerability and bolster its security posture. This event serves as a stark reminder for all organizations to conduct rigorous security audits of their cloud services and vendor platforms. Proactive monitoring for configuration errors is essential to prevent similar intrusions.