McGraw Hill

McGraw Hill confirmed a data breach in April 2026 affecting 13.5 million accounts, exposing email addresses, names, phone numbers, and physical addresses due to a Salesforce misconfiguration.

Reported

May 1, 2026

Breach date

Apr 10, 2026

People affected

13.5M

Severity

critical

What was exposed

Email addressesNamesPhone numbersPhysical addresses

What happened

According to HIBP, McGraw Hill confirmed a data breach in April 2026 following an extortion attempt. The incident was attributed to a Salesforce misconfiguration that exposed data from a webpage hosted on Salesforce's platform. More than 100GB of data was subsequently distributed publicly.

What was exposed

The breach exposed 13.5 million unique email addresses. Additional fields including names, physical addresses, and phone numbers appeared inconsistently across some records in the distributed files.

Who is affected

Approximately 13.5 million individuals with accounts or data associated with McGraw Hill's Salesforce-hosted webpage are affected by this breach.

What to do now

Affected individuals should monitor their email accounts and watch for unsolicited contact. Consider placing a fraud alert or credit freeze with credit bureaus if personal information including addresses and phone numbers were exposed. Review any McGraw Hill accounts for unauthorized activity.

Case monitoring

Get notified about the McGraw Hill case.

No attorney or law firm using Breached is currently investigating this case. You can submit your information as an interest expression to be notified if that changes. We never sell your details.

No attorney currently investigating

No attorney or law firm using Breached is currently investigating the McGraw Hill breach through Breached. You can submit information as an interest expression to be notified if that changes. Your details will not be routed to a law firm unless you give fresh consent after a case team is identified.