Macmillan Publishers hit by apparent cyber attack as systems are forced offline
Experts believe the cause of the days-long outage to be the result of ransomware, though the company has not yet confirmed the nature of the attack


Book publisher Macmillan has been hit with what it describes as a “digital security incident”, with experts believing it could be ransomware.
The company’s staff have taken to social media to confirm that the incident has been hugely disruptive for its US side of the business, forcing the company to close its New York head office. Staff are also unable to access emails or files, and customers are unable to order from the company at the time of writing.
According to emails seen by Publishers Weekly, the publisher initially said that a portion of the company’s files had become encrypted and that it had taken all of its systems offline to prevent further compromise.
The company’s US sales team also confirmed that it was unable to process, receive, place, or ship orders as a result of the company-wide shut down of digital systems and physical offices.
However, the attack is affecting both US and UK arms of the company, IT Pro can confirm, after a member of staff said the press department was unable to be contacted due to all email and phone systems being down.
The staff member also said the company will most likely have resolved the incident by next week, but also perhaps even by Friday.
Macmillan originally told customers that it would shut down servers for just one day in an original email sent on Saturday 25 June, and that it is working with “third parties” to resolve the situation.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
The attack on Macmillan Publishing does not appear to have been claimed by any major ransomware groups, following an examination of their victim blogs, but experts believe the evidence points to ransomware.
“Whilst, on the one hand, it is encouraging to see Macmillan responding proactively by taking systems offline, the damage has arguably already been done,” Trevor Dearing, director of critical infrastructure solutions at Illumio.
“It’s far safer for organisations to put in proactive protection before an attack happens. Restricting the movement of ransomware by closing unused and high-risk ports drastically reduces the impact of attacks like this one."
Macmillan staff speaking to IT Pro were unwilling to confirm whether the incident was ransomware, or whether any information had been lost or stolen as a result of the attack.

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.
-
The race is on for Higher Ed to adapt: Equity in hyflex learning
Hyflex courses can improve student wellbeing and engagement, but only with meeting technology that leaves no one behind
-
Gen Z workers are keen on AI in the workplace – but they’re still skeptical about the hype
News Younger workers could lead the shift to AI, but only think it can can manage some tasks
-
Ransomware victims are getting better at haggling with hackers
News While nearly half of companies paid a ransom to get their data back last year, victims are taking an increasingly hard line with hackers to strike fair deals.
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker group
News An analysis of May's SQL database dump shows how much LockBit was really making
-
‘I take pleasure in thinking I can rid society of at least some of them’: A cyber vigilante is dumping information on notorious ransomware criminals – and security experts say police will be keeping close tabs
News An anonymous whistleblower has released large amounts of data allegedly linked to the ransomware gangs
-
It's been a bad week for ransomware operators
News A host of ransomware strains have been neutralized, servers seized, and key players indicted
-
Everything we know about the Peter Green Chilled cyber attack
News A ransomware attack on the chilled food distributor highlights the supply chain risks within the retail sector
-
Scattered Spider: Who are the alleged hackers behind the M&S cyber attack?
News The Scattered Spider group has been highly active in recent years
-
Ransomware attacks are rising — but quiet payouts could mean there's more than actually reported
News Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away.
-
Cleo attack victim list grows as Hertz confirms customer data stolen – and security experts say it won't be the last
News Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.