McGraw-Hill confirms data breach following extortion threat

Summary

Education company McGraw-Hill confirmed a data breach after the ShinyHunters extortion group announced the company as a victim and threatened to leak 45 million Salesforce records by April 14, 2026. The breach resulted from a Salesforce platform misconfiguration that exposed a limited set of non-sensitive data from a McGraw-Hill-hosted webpage; the company stated that customer databases, courseware, and internal systems were not compromised. ShinyHunters has claimed responsibility and is demanding ransom, though McGraw-Hill disputes the group's assertion that the exposed data contains sensitive PII.

Full text

McGraw-Hill confirms data breach following extortion threat By Bill Toulas April 14, 2026 02:07 PM 0 Education company McGraw-Hill has confirmed in a statement to BleepingComputer that hackers exploited a Salesforce misconfiguration and accessed its internal data. The company assured that the breach did not affect its Salesforce accounts, customer databases, or internal systems, and that the amount of exposed data is limited and non-sensitive. “McGraw-Hill recently identified unauthorized access to a limited set of data from a webpage hosted by Salesforce on its platform. This activity appears to be part of a broader issue involving a misconfiguration within Salesforce’s environment that has impacted multiple organizations that work with Salesforce," a McGraw-Hill spokesperson told BleepingComputer. "Importantly, this did not involve unauthorized access to McGraw-Hill’s Salesforce accounts, customer databases, courseware, or internal systems,” the company representative added. McGraw-Hill further states that its investigation, with help from external cybersecurity experts, revealed that the exposed information does not contain Social Security numbers (SSNs), financial account information, or student data from its educational platforms. A global education company focused on learning content and platforms, McGraw-Hill offers textbooks, digital learning platforms, and K-12 school and university systems. The company is a major player in education publishing, with an annual revenue of $2.2 billion. The statement about the cyberattack comes in response to the extortion group ShinyHunters announcing McGraw-Hill as a victim on its dark-web portal and threatening to leak stolen data by April 14 unless a ransom is paid. The notorious threat actor claims to hold 45 million Salesforce records containing personally identifiable information (PII), contradicting the company’s statement that the compromised data is not sensitive in nature. McGraw-Hill on ShinyHunters' extortion portalSource: BleepingComputer McGraw-Hill also told BleepingComputer that the affected webpages were secured immediately after detecting the unauthorized activity, and that it is working closely with Salesforce to further strengthen protections and ensure that the issue is fully addressed. The ShinyHunters data extortion group has carried out several confirmed high-profile security breaches since the start of the year, including those against Rockstar Games, Hims & Hers, the European Commission, Telus Digital, Wynn Resorts, Canada Goose, Match Group, Panera Bread, and CarGurus. In March, the threat group also breached the American firm Infinite Campus, which also operates a K-12 student information system. Automated Pentesting Covers Only 1 of 6 Surfaces. Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation. Get Your Copy Now Related Articles: Infinite Campus warns of breach after ShinyHunters claims data theftEuropean Commission confirms data breach after Europa.eu hackShinyHunters launches Salesforce data leak site to extort 39 victimsStolen Rockstar Games analytics data leaked by extortion gangSnowflake customers hit in data theft attacks after SaaS integrator breach

Entities