it

Data breach at edtech giant McGraw Hill affects 13.5 million accounts

Published: (April 16, 2026 at 06:35 AM EDT)
3 min read
Source: Bleeping Computer

Source: Bleeping Computer

The ShinyHunters extortion group has leaked data from 13.5 million McGraw Hill user accounts, stolen after breaching the company’s Salesforce environment earlier this month.

Founded in 1909, McGraw Hill is a leading global educational publisher with annual revenue of $2.2 billion, providing education content and solutions for PreK–12, higher education, and professional learning.

Breach Confirmation

The company confirmed ShinyHunters’ breach claims in a statement shared with BleepingComputer on Tuesday. According to the statement, the threat actors exploited a misconfiguration in the compromised Salesforce environment. The incident did not affect McGraw Hill’s Salesforce accounts, courseware, customer databases, or internal systems.

“McGraw‑Hill recently identified unauthorized access to a limited set of data from a webpage hosted by Salesforce on its platform. This activity appears to be part of a broader issue involving a misconfiguration within Salesforce’s environment that has impacted multiple organizations that work with Salesforce,” a McGraw‑Hill spokesperson told BleepingComputer.
Source

Data Leaked

ShinyHunters added McGraw Hill to the gang’s dark‑web leak site, claiming to have stolen 45 million Salesforce records containing personally identifiable information (PII) and threatening to publish the documents unless a ransom was paid.

Data breach notification service Have I Been Pwned reports that ShinyHunters has now leaked over 100 GB of files linked to 13.5 million accounts. The exposed information includes:

  • Names
  • Physical addresses
  • Phone numbers
  • Email addresses

These data points could be used for spear‑phishing attacks against McGraw Hill customers.

“More than 100 GB of data was later publicly distributed, containing 13.5 M unique email addresses across multiple files, with additional fields such as name, physical address and phone number appearing inconsistently across some records.” – Have I Been Pwned
Source

McGraw Hill entry on ShinyHunters’ data leak site (BleepingComputer)

The extortion gang has been linked to several other high‑profile breaches, including:

  • Rockstar Games – Data stolen from the Snowflake environment, containing internal analytics, support tickets, in‑game revenue, purchase metrics, player behavior tracking, and game‑economy data for Red Dead Online and Grand Theft Auto Online.
    Details

  • European Commission – Exposure of data belonging to 30 EU entities.
    Details

  • Infinite Campus – Breach claimed by ShinyHunters.
    Details

  • Hims & Hers – Data breach following a Zendesk support‑ticket compromise.
    Details

  • Telus Digital – Claim of 1 petabyte data theft.
    Details

  • Wynn Resorts – Employee data breach after extortion threat.
    Details

  • CarGurus – Exposure of information for 124 million accounts.
    Details

  • Panera Bread – Impact on 51 million accounts (not 14 million customers).
    Details

  • SoundCloud – Data breach affecting 298 million accounts.
    Details

  • Match Group – Breach exposing data from Hinge, Tinder, OkCupid, and Match.
    Details

0 views
#data breach #McGraw Hill #edtech #Salesforce #ShinyHunters #cybersecurity #extortion #personal data
View source
Share:
Back to Blog

Related posts

Read more »

Vercel April 2026 security incident

Security Incident We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems. We are actively investigating and...