// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-hibpDTG 0600Z
ColdRecon / Breach Radar / McGraw Hill
Breach Record

McGraw Hill

DISCLOSED 2026-04-10 · STOLEN CREDS · 13,500,136 RECORDS EXPOSED

In April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt. Attributed to a Salesforce misconfiguration, the company stated the incident exposed "a limited set of data from a webpage hosted by Salesforce on its platform". More than 100GB of data was later publicly distributed, containing 13.5M unique email addresses across multiple...

The record

What we know

Disclosed
2026-04-10
Attack vector
Stolen Creds
Records exposed
13,500,136
Domain
mheducation.com
Data classes exposed
Email addressesNamesPhone numbersPhysical addresses
Sources

Cited reporting

Similar vector · recent

Other stolen creds breaches on file

This page is the permanent ColdRecon entry for the McGraw Hill disclosure. It updates if new public reporting emerges. All tracked breaches →

McGraw Hill just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →