// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-newsDTG 0600Z
ColdRecon / Breach Radar / McGraw Hill
Breach Record

McGraw Hill

DISCLOSED 2026-04-16 · MISCONFIG · 13,500,000 RECORDS EXPOSED

McGraw Hill suffered a data breach due to a Salesforce misconfiguration, exposing up to 13.5 million accounts. The incident is linked to a widespread cloud configuration issue and may involve extortion. No specific data types or threat actor were disclosed.

The record

What we know

Disclosed
2026-04-16
Attack vector
Misconfig
Sector
education publishing
Country
US
Records exposed
13,500,000
ColdRecon assessment

Could a positive-security control have prevented this?

Verdict · unclear · opinion

The breach stemmed from a cloud misconfiguration, not an endpoint compromise, so a positive-security endpoint model would likely not have prevented it.

Our assessments are opinion, grounded in the cited public facts. Read them critically.

Sources

Cited reporting

Similar vector · recent

Other misconfig breaches on file

This page is the permanent ColdRecon entry for the McGraw Hill disclosure. It updates if new public reporting emerges. All tracked breaches →

McGraw Hill just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →