Skip to content
Tech News
← Back to articles

Data breach at edtech giant McGraw Hill affects 13.5 million accounts

2026-04-16 | original
read original get Data Breach Prevention Toolkit → more articles
Why This Matters

The data breach at McGraw Hill exposes the vulnerability of educational technology companies to cyberattacks, highlighting the importance of robust security measures. With millions of user accounts compromised, this incident underscores the growing threat of data breaches in the edtech sector and the need for proactive cybersecurity practices to protect sensitive information for consumers and organizations alike.

Key Takeaways

The ShinyHunters extortion group has leaked data from 13.5 million McGraw Hill user accounts, stolen after breaching the company's Salesforce environment earlier this month.

Founded in 1909, McGraw Hill is a leading global educational publisher with annual revenue of $2.2 billion, which provides education content and solutions for PreK–12, higher education, and professional learning.

The company confirmed ShinyHunters' breach claims in a statement shared with BleepingComputer on Tuesday, saying the threat actors exploited a misconfiguration in the compromised Salesforce environment and that the incident didn't affect its Salesforce accounts, courseware, customer databases, or internal systems.

"McGraw-Hill recently identified unauthorized access to a limited set of data from a webpage hosted by Salesforce on its platform. This activity appears to be part of a broader issue involving a misconfiguration within Salesforce's environment that has impacted multiple organizations that work with Salesforce," a McGraw-Hill spokesperson told BleepingComputer.

This came after ShinyHunters added the company to the gang's dark web leak site, claiming to have stolen 45 million Salesforce records containing personally identifiable information (PII) and threatening to leak the allegedly stolen documents online unless a ransom is paid.

McGraw Hill entry on ShinyHunters' data leak site (BleepingComputer)

​While McGraw Hill has yet to share how many individuals were affected by the resulting data breach, data breach notification service Have I Been Pwned says ShinyHunters has now leaked over 100GB of files containing data linked to 13.5 million accounts.

The exposed information includes names, physical addresses, phone numbers, and email addresses, which threat actors could use to target McGraw Hill customers in spear-phishing attacks.

"In April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt. Attributed to a Salesforce misconfiguration, the company stated the incident exposed 'a limited set of data from a webpage hosted by Salesforce on its platform'," Have I Been Pwned said today.

"More than 100GB of data was later publicly distributed, containing 13.5M unique email addresses across multiple files, with additional fields such as name, physical address and phone number appearing inconsistently across some records."

... continue reading

Explore topics: shinyhunters salesforce edtech data breach mcgraw hill
Related:
Vercel Employee's AI Tool Access Led to Data Breach
AI cloud company Vercel breached after employee grants AI tool unrestricted access to Google Workspace — hacker seeking $2 million for stolen data
App host Vercel says it was hacked and customer data stolen
Seiko USA website defaced as hacker claims customer data theft
Marc Benioff Says the Software Bears Are All Wrong About Salesforce

© 2026 GoKawiil

About | Editorial Policy | Contact