McGraw Hill Data Breach Exposes 13 Confirms Exposing

Education publishing giant McGraw Hill has confirmed a data breach following an extortion attempt. More than 100GB of stolen data is now publicly distributed online, exposing the personal information of approximately 13.5 million users.

The breach, disclosed in April 2026, stems from a misconfiguration in McGraw-Hill’s Salesforce environment. According to the company, the incident exposed “a limited set of data from a webpage hosted by Salesforce on its platform.” However, the scale of the leaked data tells a broader story.

After the extortion attempt failed to yield results, threat actors publicly released the stolen dataset. According to Have I Been Pwned the dumped files found 13.5 million unique email addresses spread across multiple files, with additional personal data fields including names, phone numbers, and physical addresses appearing inconsistently across various records.

What Data Was Compromised

The exposed dataset reportedly includes:

• Email addresses (13.5 million unique entries)
• Full names
• Phone numbers
• Physical addresses

Not all records contained every data field, suggesting the breach pulled from multiple database sources or that data completeness varied across user accounts.

Salesforce misconfigurations have become an increasingly common attack vector targeting enterprises that rely on the platform for customer and user data management.

In this case, a misconfigured webpage appears to have made sensitive user data accessible without proper authentication controls, a critical oversight for a company handling millions of student and educator records.

McGraw-Hill serves a global audience of students, educators, and academic institutions, making the exposure of this data particularly concerning. Victims may face phishing attempts, targeted social engineering attacks, and spam campaigns leveraging the leaked contact details.

McGraw-Hill’s Response

The company has acknowledged the breach and attributed it to the Salesforce misconfiguration, though it characterized the exposed data as limited. Critics argue that 13.5 million records and over 100GB of publicly released data represent a significant incident that goes beyond a minor configuration error.

Affected users are advised to:

• Be alert to phishing emails impersonating McGraw-Hill or affiliated educational institutions
• Monitor for unsolicited calls or messages using personal details
• Consider updating passwords associated with their McGraw-Hill accounts
• Watch for suspicious activity linked to their email addresses using breach monitoring services

The incident underscores the risks that cloud platform misconfigurations pose to organizations storing large volumes of user data and the reputational and legal consequences that follow when threat actors escalate extortion attempts by going public with stolen records.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.