ITS Notification Tool

April 16, 2026 10:26 - Leaked Credentials - McGraw Hill Data Breach View

What is McGraw Hill Data Breach? The Queen’s IT Services Security team recently became aware of the following. In April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt. Attributed to a Salesforce misconfiguration, the company stated the incident exposed "a limited set of data from a webpage hosted by Salesforce on its platform". More than 100GB of data was later publicly distributed, containing 13.5M unique email addresses across multiple files, with additional fields such as name, physical address and phone number appearing inconsistently across some records.

A number of these accounts included credentials belonging to accounts that have @queensu.ca usernames. As a precaution, Queen’s IT Services will expire the passwords of any Queen’s account found to be listed on the breached accounts list to ensure that the password posted will no longer be valid.

What should I do to protect myself? If you received an email message from IT Services concerning the expiry of your password, please take a moment to change your password before it expires. NetID passwords are changed at https://myaccount.microsoft.com/. Log in with your Queen's credentials and select Change Password.

We also encourage you to take the following actions to better protect yourself and your information:

Do not reuse passwords across your accounts.
If you have used your Queen’s password on multiple sites, we strongly encourage you to change that password on every other site where it has been used.
Be extra diligent of scams that may reference your Queen's account.

What data was compromised? A massive collection of email addresses, names, phone numbers, and physical addresses has been integrated into the Have I Been Pwned database (a website that alerts users about data breaches). To help understand the source of this information, you will find information below on how to review what services may be tied to your email address via the service called 'Have I been Pwned?"

Why is Queen’s expiring passwords for potentially breached accounts? Queen’s account holders who fail to follow safe password practices are at risk when breaches like this occur. To protect your Queen’s account IT Services are taking this action to prevent account compromises by ensuring all accounts associated with the posting of credentials have refreshed passwords.

What caused the data breach? It is not known to us as to the exact cause of this data breach. IT Services received this breach information from the service called “Have I Been Pwned?”. Visiting the website https://haveibeenpwned.com/ will allow you to enter and check your Queen’s University email address against all publicized breaches that reference your Queen’s email address. The site also provides details about the data breach, including links to additional information.

April 14, 2026 16:13 - SharePoint Sites - Intermittently unable to load Update View

Microsoft's investigation has concluded that their SharePoint service is healthy and that page loading issues may be due to third-party add-in's.

Please report any SharePoint Site loading issues to the IT Support Centre.

-------------------------------
Previous Description (April 13, 2026 07:38):

Microsoft is currently experiencing an issue with SharePoint Online sites intermittently failing to load. After briefing appearing, the site will become a blank page.

At this time, Microsoft is investigating the issue and will be providing updates throughout the day.