
McGraw Hill
What was exposed
Email addressesNamesPhone numbersPhysical addresses
What to do if you were affected
- Expect more phishing and spam at this address. Treat messages that reference this company with extra caution.
- Watch for text-message phishing and SIM-swap attempts on your phone number.
- Be wary of targeted scams that use your personal details to sound convincing.
Details
In April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt . Attributed to a Salesforce misconfiguration, the company stated the incident exposed "a limited set of data from a webpage hosted by Salesforce on its platform". More than 100GB of data was later publicly distributed, containing 13.5M unique email addresses across multiple files, with additional fields such as name, physical address and phone number appearing inconsistently across some records.
Frequently asked questions
What is the McGraw Hill data breach?
In April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt . Attributed to a Salesforce misconfiguration, the company stated the incident exposed "a limited set of data from a webpage hosted by Salesforce on its...
When did the data breach happen?
This data breach occurred around April 2026.
How many accounts were affected?
Around 13,500,136 accounts were affected.
What information was exposed?
Exposed data included Email addresses, Names, Phone numbers and Physical addresses.
What should I do if I was affected?
Expect more phishing and spam at this address. Treat messages that reference this company with extra caution. Watch for text-message phishing and SIM-swap attempts on your phone number. Be wary of targeted scams that use your personal details to sound convincing.
Related breaches