McGraw Hill data breach: What you need to know
Update | Tuesday, April 28, 2026
Columbus State Information Technology (IT) has been monitoring a recently disclosed data breach involving educational publisher McGraw Hill, a platform widely used across higher education.
What happened
This month (April 2026), McGraw Hill confirmed unauthorized access to a portion of its data stemming from a misconfiguration in a Salesforce-hosted webpage, not a direct breach of its internal systems.
While the company initially described the exposure as limited, reports indicate that up to 13.5 million user records may have been impacted, with more than 100GB of data later released publicly after an extortion attempt.
What information was involved
The exposed data may include:
- Names
- Email addresses
- Phone numbers
- Physical addresses
Importantly, McGraw Hill has stated that restricted data such as Social Security numbers, financial information, and student academic data were not included.
Why this matters
Even when highly sensitive data is not involved, this type of breach can still create risk. Personal contact information can be used for:
- Phishing and scam emails
- Social engineering attacks
- Credential stuffing attempts on reused passwords
Because McGraw Hill serves many colleges and universities, individuals in higher education—including students, faculty, and staff—may be affected.
What Columbus State users should do
If you have used McGraw Hill products or services, we recommend taking the following precautions:
- Change your McGraw Hill password immediately
- If you reused that password elsewhere, update those accounts as well
- Enable multi-factor authentication (MFA) wherever available
- Be cautious of unexpected emails claiming to be from McGraw Hill or related services
- Monitor your accounts for suspicious activity
Columbus State impact
At this time, there is no indication that Columbus State systems or institutional data were involved.
However, individual users may still be impacted if they have interacted with McGraw Hill services.
Stay informed
Columbus State IT will continue to monitor this situation and share updates as needed.
If you believe your account has been compromised or you receive suspicious communications, please contact the IT Support Center at helpdesk@cscc.edu.