- ShinyHunters Adds McGraw Hill to Data Leak Site, Demands Ransom by April 14, 2026
- Group claims 45 million Salesforce records stolen, contradicting company’s “limited data” statement
- McGraw Hill says misconfiguration in Salesforce led to exposure, no SSNs, financial or student data compromised
US education science firm McGraw Hill has confirmed it suffered a data breach and lost sensitive internal data after notorious ransomware collective ShinyHunters added it to its data leak site.
In a statement shared with Bleeping ComputerThe company said the incident was not the result of a breach of its systems, but rather the exploitation of a misconfiguration:
“McGraw Hill recently identified unauthorized access to a limited set of data from a webpage hosted by Salesforce on their platform,” the company said. “This activity appears to be part of a broader issue involving a misconfiguration in Salesforce’s environment that has affected multiple organizations that work with Salesforce.”
The article continues below
ShinyHunters’ activity
The company further stressed that the incident did not involve unauthorized access to its Salesforce accounts, customer databases, course materials or internal systems. Social Security Numbers (SSN), financial account information, or student data generated by education platforms have not been compromised.
A few days prior, the ShinyHunters ransomware group added McGraw Hill to its data leak site and said it had until April 14, 2026 to pay a ransom demand or see the stolen data leaked to the dark web.
It claims to have stolen 45 million Salesforce records of personally identifiable information (PII), contradicting McGraw Hill’s assessment that the data is of little importance.
ShinyHunters are currently among the most active threat actors out there. It started as a ransomware player, but quickly stopped implementing encryptions and focused solely on data exfiltration and extortion.
A few weeks ago, it hacked into a research firm, Anodot, through which it gained access to Snowflake accounts belonging to more than a dozen companies. It exfiltrated most of the data found there and is currently blackmailing the victims. At the same time, it released 78.6 million records stolen from game development giant Rockstar Games even before the deadline.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
