‘This activity appears to be part of a broader issue’: education company… is attracting attention across the tech world. Analysts, enthusiasts, and industry observers are watching closely to see how this story develops.
This update adds another signal to a fast-moving sector where product decisions, platform changes, and competition can quickly shape the market.
When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.
Get full access to premium articles, exclusive features and a growing list of member rewards.
American education science company McGraw Hill has confirmed suffering a data breach and losing sensitive internal data after the infamous ransomware collective ShinyHunters added it to its data leak website.
In a statement shared with BleepingComputer, the company stated the incident was not the result of a breach of its platforms, but rather an exploitation of a misconfiguration:
“McGraw Hill recently identified unauthorized access to a limited set of data from a webpage hosted by Salesforce on its platform,” the company stated. “This activity appears to be part of a broader issue involving a misconfiguration within Salesforce’s environment that has impacted multiple organizations that work with Salesforce.”
The company further stressed that the incident did not involve unauthorized access to its Salesforce accounts, customer databases, courseware, or internal platforms. Social Security numbers (SSN), financial account information, or student data generated by educational platforms, have not been compromised.
A few days prior, the ShinyHunters ransomware group added McGraw Hill to its data leak website, and said it had until April 14 2026 to pay a ransom demand, or see the stolen data leak to the dark web.
It claims to have stolen 45 million Salesforce records with personally identifiable information (PII), which contradicts McGraw Hill’s assessment that the data is of little significance.
ShinyHunters is currently among the most active threat actors out there. It started as a ransomware player but quickly stopped deploying encryptors and focused entirely on data exfiltration and extortion.
A few weeks ago, it broke into an analytics company Anodot, through which it accessed Snowflake accounts belonging to more than a dozen companies. It exfiltrated most of the data found there and is currently extorting the victims. At the same time, it published 78.6 million records stolen from game advancement behemoth Rockstar Games even before the deadline expired.
➡️ Read our full guide to the best antivirus1. Best overall:Bitdefender Total Security2. Best for families:Norton 360 with LifeLock3. Best for mobile:McAfee Mobile Security
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
Please logout and then login again, you will then be prompted to enter your display name.
Why This Matters
This development may influence user expectations, future product strategy, and the competitive balance inside the broader technology industry.
Companies in adjacent segments often react quickly to similar moves, which is why stories like this tend to matter beyond a single announcement.
Looking Ahead
The full impact will become clearer over time, but the story already highlights how quickly the modern tech landscape can evolve.
Observers will continue tracking the next steps and how they affect products, users, and the wider market.
