- ShinyHunters Adds McGraw Hill to Data Breach Site, Demands Ransom by April 14, 2026
- Group Claims 45 Million Salesforce Records Stolen, Contradicting Company’s ‘Limited Data’ Claim
- McGraw Hill Says Misconfiguration in Salesforce Led to Exposure, Without Social Security Numbers, Financial or Student Data Compromised
American educational sciences company McGraw Hill has confirmed that it suffered a data breach and lost sensitive internal data after the infamous ShinyHunters ransomware collective added it to its data breach website.
In a statement shared with beepcomputerThe company said the incident was not the result of a breach of its systems, but rather the exploitation of a misconfiguration:
“McGraw Hill recently identified unauthorized access to a limited set of data from a web page hosted by Salesforce on its platform,” the company said. “This activity appears to be part of a broader issue involving misconfiguration within the Salesforce environment that has impacted multiple organizations working with Salesforce.”
Article continues below.
ShinyHunters activity
The company further emphasized that the incident did not involve unauthorized access to its Salesforce accounts, customer databases, courses, or internal systems. Social Security numbers (SSNs), financial account information, or student data generated by educational platforms have not been compromised.
A few days earlier, ransomware group ShinyHunters added McGraw Hill to its data breach website and said it had until April 14, 2026 to pay a ransom demand or see stolen data leaked to the dark web.
It claims to have stolen 45 million Salesforce records containing personally identifiable information (PII), contradicting McGraw Hill’s assessment that the data is of little importance.
ShinyHunters is currently among the most active threat actors out there. It started as a ransomware player, but quickly stopped deploying encryptors and focused entirely on data exfiltration and extortion.
A few weeks ago he broke into the analysis company Anodot, through which he accessed Snowflake accounts belonging to more than a dozen companies. He exfiltrated most of the data found there and is currently extorting victims. At the same time, it released 78.6 million records stolen from game development giant Rockstar Games even before the deadline expired.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
