Education publishing company McGraw Hill has confirmed a massive data breach that resulted in over 100GB of sensitive data being publicly distributed online. The breach, which occurred in April 2026, followed an extortion attempt by threat actors who capitalized on a cloud misconfiguration.
The Salesforce Misconfiguration
The root cause of the data exposure was traced back to a misconfigured Salesforce environment. This error allowed unauthorized individuals to access and exfiltrate large volumes of data without triggering standard security alerts.
The leaked dataset contains 13.5 million unique email addresses, along with other personal information including:
- Names
- Physical addresses
- Phone numbers (in select records)
The incident also impacted OneDigital, a Salesforce customer, leading to the additional compromise of approximately 28,414 individuals’ names and Social Security numbers.
Impact and Mitigation
The exposure of such a massive trove of personal information puts affected individuals at an elevated risk of phishing, identity theft, and targeted social engineering attacks.
How to check if you are affected: Users who have interacted with McGraw Hill platforms or services should monitor their email addresses using services like Have I Been Pwned.
Required Actions:
- Be highly vigilant against phishing: Treat any unsolicited emails, especially those appearing to be from McGraw Hill or related educational services, with extreme caution.
- Enable Multi-Factor Authentication (MFA): Ensure that MFA is enabled on all critical accounts to prevent unauthorized access even if credentials are leaked.
- Monitor Identity: Consider investing in Identity Theft Protection services to monitor for fraudulent use of your personal information.