McGraw-Hill downplays Salesforce misconfiguration-related breach

BleepingComputer reports that McGraw-Hill has disclosed that the limited set of data exposed during a breach caused by a Salesforce misconfiguration was non-sensitive and assured that its customer databases, internal systems, courseware, and Salesforce accounts were not impacted.

The education publishing company, which offers digital learning platforms, K-12 school and university systems, and textbooks, said it is working with Salesforce to fully address the breach and strengthen its protective measures. McGraw-Hill also noted that it has secured the affected webpages after discovering the unauthorized activity.

McGraw-Hill's announcement comes as the ShinyHunters extortion group threatened to expose over 45 million Salesforce records with personally identifiable information should the firm refuse to settle the demanded ransom. Before the purported attack against McGraw-Hill, ShinyHunters previously alleged breaching U.S. education technology firm Infinite Campus and other organizations, including Telus Digital, the European Commission, Wynn Resorts, Match Group, Rockstar Games, Hims & Hers, and Panera Bread.