Researchers verified a small sample of the data and reached out to McGraw Hill, who did not initially respond. Finally, the company announced on September 21st that they had removed all sensitive data out of the public buckets. Due to the growing regulatory burden, it is highly recommended that organizations store sensitive customers data securely, and utilize third party cybersecurity services to verify the security of such data in order to avoid liability, regulatory fines, and increases in cyber insurance costs. With the use of third-party storage becoming more popular, companies can also assess the value of third-party data storage vendors in accordance with their budget and risk management framework.
https://www.theregister.com/2022/12/20/mcgraw_hills_s3_buckets_exposed/?&web_view=true
