Last updated 1 month ago
In April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt. The incident exposed over 100GB of data containing 13.5 million unique email addresses across multiple files, with additional fields such as name, physical address, and phone number appearing inconsistently across some records.
The breach was attributed to a Salesforce misconfiguration, which exposed a limited set of data from a webpage hosted by Salesforce on its platform. The attack vector was a misconfiguration, and no specific threat actor was named. The exposed data types included email addresses, names, physical addresses, and phone numbers.
No further post-incident details were provided in the article regarding regulatory actions, litigation, ransom payments, or remediation milestones.
Salesforce misconfiguration exposed data on a webpage; over 100GB of data later publicly distributed
McGraw Hill's breach underscores the critical need for rigorous cloud configuration management, particularly for platforms like Salesforce that handle customer-facing webpages. The exposure of 13.5 million records due to a misconfiguration suggests inadequate access controls and insufficient monitoring of third-party hosted services. Organizations in the education sector should implement automated configuration auditing and enforce least-privilege principles for all cloud-hosted data to prevent similar large-scale exposures.
Sign in to join the discussion.
Company
Industry
Location
Disclosed
Records Affected
Attack Vector