Data Breach at McGraw Hill Exposes 13.5 Million User Accounts

Severity: High (Score: 64.5)

Sources: Theregister, Cybersecuritynews, haveibeenpwned.com, Bleepingcomputer, Therecord.Media

Summary

In April 2026, McGraw Hill confirmed a data breach affecting approximately 13.5 million user accounts, attributed to a misconfiguration in its Salesforce environment. The ShinyHunters extortion group claimed responsibility, threatening to leak data unless a ransom was paid. The breach exposed over 100GB of data, including names, email addresses, phone numbers, and some physical addresses. McGraw Hill stated that the incident did not compromise sensitive data such as Social Security numbers or financial information. The company is collaborating with cybersecurity experts and Salesforce to address the issue. Despite assurances, the breach has raised concerns about the security of user data. The incident is part of a broader trend of attacks targeting organizations using Salesforce. The ShinyHunters group has previously breached other high-profile entities, indicating a pattern of targeting educational and corporate systems. Key Points: • McGraw Hill's data breach affects 13.5 million accounts due to a Salesforce misconfiguration. • ShinyHunters extortion group leaked over 100GB of data, including personal information. • The breach did not involve sensitive data like Social Security numbers or financial details.

Key Entities

• Data Breach (attack_type)
• Canada Goose (company)
• CarGurus (company)
• European Commission (company)
• Hims & Hers (company)
• Infinite Campus (company)
• CWE-200 - Exposure of Sensitive Information (cwe)
• CWE-862 - Missing Authorization (cwe)
• T1041 - Exfiltration Over C2 Channel (mitre_attack)
• T1078 - Valid Accounts (mitre_attack)
• T1566 - Phishing (mitre_attack)
• T1567 - Exfiltration Over Web Service (mitre_attack)
• ShinyHunters (apt_group)