
Cyber Incident Victim: Macmillan Publishers

Date: Jun 2022

Location: United States of America

Summary

Macmillan Publishers experienced a significant digital security incident, suspected to be ransomware, leading to widespread system outages. The company took all systems offline to contain the breach after a portion of its files was encrypted, causing severe operational disruptions including closure of the US headquarters, inability to process orders or shipments, and inaccessibility of emails and files for staff. Both US and UK operations were affected, and communication channels such as phone and email were non-functional. No ransomware group claimed responsibility, but experts attributed the incident to ransomware based on the file encryption and the system-wide takedown. The organization collaborated with third parties to restore services, anticipating resolution within days.


Description

On or around June 25, 2022, Macmillan Publishers experienced a significant digital security incident that disrupted operations across its US and UK divisions. The company initially informed customers via email on June 25 that it would shut down servers for one day while working with unspecified third parties to address the situation. Internal communications reviewed by Publishers Weekly revealed that a portion of Macmillan's files had become encrypted, prompting the organization to take all systems offline to contain further compromise. This action resulted in widespread operational paralysis: the US sales team could not process, receive, place, or ship orders, while staff lost access to email systems and critical files. The disruption forced the temporary closure of Macmillan's New York headquarters, with employees confirming via social media that physical offices remained inaccessible.


The company-wide system outage extended beyond initial projections, with staff indicating recovery might take until the end of the week or potentially extend into the following week. Both US and UK operations were affected, as evidenced by the complete inaccessibility of Macmillan's press department through standard email and phone channels. While cybersecurity experts cited encryption of files and system-wide takedown as indicators of ransomware, examinations of the major ransomware groups' victim disclosure platforms showed that none had claimed responsibility for the attack. Macmillan declined to confirm whether ransomware caused the incident or whether data exfiltration occurred. The organization maintained its focus on containment through sustained system isolation and third-party collaboration, without publicly disclosing technical details about attack vectors, initial access methods, or data compromise. Customer ordering systems remained nonfunctional during the immediate aftermath, with no restoration timeline provided in available communications.
