McGraw Hill — 13.5M accounts
Severity: High · Kind: Data breach
We've ingested this item but haven't summarised it yet. Read the upstream advisory using the link below in the meantime — the AI summary will appear here once the next run completes.
From the source
In April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt . Attributed to a Salesforce misconfiguration, the company stated the incident exposed "a limited set of data from a webpage hosted by Salesforce on its platform". More than 100GB of data was later publicly distributed, containing 13.5M unique email addresses across multiple files, with additional fields such as name, physical address and phone number appearing inconsistently across some records.
Breach facts
- Accounts affected
- 13,500,136
- Verified
- Yes
- Sensitive
- No
- Domain
- mheducation.com
- Data exposed
- Email addressesNamesPhone numbersPhysical addresses
Was this useful?
Plain-English summaries are AI-generated and reviewed for tone, not technical accuracy. For incident response, always rely on the original source linked above.