[SECURITY] McGraw Hill breach exposes 13.5M user accounts
SECURITY DESK | THU, APR 16, 2026
■ AI-SUMMARIZED FROM 1 SOURCE BELOW
The ShinyHunters extortion group has leaked data from 13.5 million McGraw Hill user accounts following a breach of the edtech company's Salesforce environment. The stolen data was disclosed earlier this month.
McGraw Hill, one of the world's largest educational technology companies, confirmed the security incident affecting its user base. The breach occurred within the company's Salesforce infrastructure, a common attack vector for threat actors targeting enterprise systems.
ShinyHunters, the extortion group responsible for the leak, has made the stolen data publicly available. The compromised accounts represent a significant portion of McGraw Hill's user base, which includes students, educators, and institutional clients across multiple platforms.
McGraw Hill serves millions of users globally through its education technology platforms, digital learning tools, and assessment systems. The breach potentially exposes personal information associated with these accounts, though the company has not yet detailed the specific data categories affected.
This incident marks another major security event targeting educational institutions and edtech providers. In recent years, the sector has become increasingly attractive to threat actors seeking valuable user data and institutional information.
Companies relying on third-party platforms like Salesforce face inherited security risks. While Salesforce itself remains widely used, misconfigured instances and inadequate access controls have proven to be vulnerabilities in enterprise deployments.
McGraw Hill has not announced mandatory password resets or detailed remediation steps for affected users. The company typically faces regulatory scrutiny under various education privacy laws and data protection regulations, depending on the jurisdictions it serves.
Users of McGraw Hill platforms should monitor their accounts for suspicious activity and consider changing credentials as a precautionary measure. The company is expected to issue formal guidance to affected users in the coming days.