McGraw Hill Data Breach 2026:
What You Need to Know
On 16 April 2026, education publisher McGraw Hill confirmed a breach stemming from a Salesforce misconfiguration. Approximately 100 GB of data containing roughly 13.5 million unique email addresses plus names and addresses was distributed.
What Happened
How the McGraw Hill Breach Unfolded
Early 2026
A misconfigured Salesforce object on McGraw Hill's instance was accessible without authentication. The exposure was part of a broader wave of Salesforce data-theft attacks attributed to the ShinyHunters extortion group, which claimed it had stolen roughly 45 million Salesforce records across multiple organisations and threatened to leak the documents online unless a ransom was paid.
16 April 2026
McGraw Hill publicly confirmed the breach after approximately 100 GB of data was distributed online. The dataset contained ~13.5 million unique email addresses, plus names and physical addresses (appearing inconsistently across some records) linked to customers, prospects and institutional contacts.
Late April 2026
McGraw Hill began notifying affected customers and regulators. The company stated that no Social Security numbers, financial account information or student data from its educational platforms were contained in the exposed Salesforce object, and that it had secured the affected webpages immediately on detection.
If you are a student or instructor who has interacted with McGraw Hill marketing materials, you may be in the affected set even if you have never bought a product.
Source: McGraw Hill Newsroom
What Was Exposed
Personal Data Leaked in the Breach
The leaked Salesforce dataset is a marketing and customer-relationship database. It primarily holds contact details for customers, prospects and institutional contacts. Coursework, grades and student records were not part of the exposed object.
| Data Type | Risk Level | Who Was Affected |
|---|---|---|
| Email address | High | All approximately 13.5 million unique addresses in the dump |
| Full name | High | Most affected records |
| Physical address | High | Subset of affected records |
| Phone number | High | Subset of affected records |
| Institution / school | Medium | Records associated with educational sales contacts |
| Course / product interest | Low | Marketing-tracked records |
Risk levels are based on the OAIC's "What is personal information?" guidance and the OAIC Australian Privacy Principles. Identity-linked data (name, physical address, phone, email) is rated High because the combination supports targeted spear-phishing at scale and is commonly used to verify identity at banks and telcos. Institution and product-interest fields are rated lower because they primarily refine attacker targeting rather than enable identity fraud directly.
✅ Confirmed NOT Exposed
McGraw Hill has stated that passwords, payment-card numbers, coursework, grades, and FERPA-protected student records were not stored in the affected Salesforce object.
Company Response
What McGraw Hill Did
“We have completed a thorough review with external forensic experts and notified the relevant authorities. We are taking additional steps to harden our cloud configuration to prevent any recurrence.”
Actions Taken by McGraw Hill
- Locked down the misconfigured Salesforce object and audited all sharing rules across the instance
- Engaged third-party cyber forensics specialists to confirm the scope of access
- Notified regulators in the US, EU and Australia
- Began emailing affected customers and institutional contacts
- Published guidance on identifying education-themed phishing that uses the leaked dataset
What Now?
Steps You Can Take After the McGraw Hill Breach
The exposed data is principally email, name and institution affiliation. That combination is exactly what attackers need for convincing education-themed phishing: fake “course access expired” emails, fake instructor adoption requests, and fake reseller invoices.
Education Platform Accounts
Your McGraw Hill account details were exposed. Other ed-tech accounts may use the same email.
Secure your McGraw Hill Connect / SmartBook account (~5 min)
Review other ed-tech accounts
Email and Digital Identity
Your email is the key to your digital identity. Securing it is a sensible first step.
Strengthen email security (~5 min)
Understand your full account exposure
Identity Protection
Email + name + institution affiliation is the ideal toolkit for targeted spear-phishing.
Treat unsolicited "textbook adoption" emails with suspicion
Watch for fake course-access expiry messages
Monitoring and Reporting
Resources for breach response in Australia, the US and the EU.
Report to your jurisdiction's regulator
Consider requesting erasure
Are You Still at Risk?
Compound Risk: McGraw Hill Plus Other Data Leaks
The McGraw Hill leak is, by itself, mostly contact data, but attackers combine it with prior leaks to enrich profiles for high-value targets. Researchers, instructors and administrators are typical spear-phishing targets.
Why this matters
If your email also appears in a credential-bearing breach (such as LinkedIn, Adobe, or any of the MOAB compilations), an attacker who knows your educational affiliation from McGraw Hill and your reused password from elsewhere can target your institutional LMS, library, or research-grant accounts with very high confidence.
- LinkedIn (2021): 700M records - name, email, phone, employer (career profile)
- Adobe (2013): 153M records - email, password hashes (still credential-stuffed)
- MOAB (2024): 26B aggregated records - reused credentials at massive scale
- DemandScience (2024): 122M records - work emails, employers, job titles
Sources
- Have I Been Pwned: McGraw Hill Data Breach
- BleepingComputer: "McGraw-Hill confirms data breach following extortion threat"
- The Register: "McGraw Hill linked to 13.5M-record data leak"
- The Record (Recorded Future News): Educational company McGraw Hill says Salesforce misconfiguration led to data leak
- McGraw Hill: Newsroom & Press Releases
- Salesforce: Security best practices for object sharing
- OAIC: Notifiable Data Breaches Scheme (Australia)
- OAIC: What is personal information? (Privacy Act 1988 categories)
- OAIC: Australian Privacy Principles
Disclaimer: This guide is provided for general informational purposes only and does not constitute legal, financial, or professional advice. The information is based on publicly available sources at the time of writing and may not reflect the most current developments. In The Event Of Pty Ltd (ABN 38 687 352 647) is not affiliated with McGraw Hill LLC. If you believe you have been affected by this data breach, we recommend contacting the relevant authorities and seeking professional guidance specific to your circumstances.