ShinyHunters breached McGraw-Hill via a Salesforce environment misconfiguration, claiming 45 million PII records and threatening public release as of April 14. Salesforce has publicly acknowledged the campaign affects multiple tenants, making this a platform-wide configuration risk rather than an isolated incident. Remediation is configuration-based; no software patch exists.