Scholastic, the global educational and publishing giant known for book series such as Harry Potter and Goosebumps, has suffered a significant data breach. The breach reportedly exposed records on more than 8 million people; 4.2 million unique email addresses were identified among them. The breach notification service Have I Been Pwned (HIBP) has verified the leaked data and notified affected subscribers.
Sensitive data exposed
The breach, first reported by the Daily Dot, was carried out by a hacker known as “Parasocial,” who reportedly got into Scholastic's systems by stealing an employee's login credentials with malware. Once inside, the hacker accessed a wide range of sensitive data from Scholastic's employee portal, including:
- Names
- Email addresses
- Phone numbers
- Physical addresses
The data comprises details of both U.S.-based customers and educational professionals, with 1.05 million entries linked to “education contacts.” These records often contain professional information, such as schools where the individuals are employed.
Parasocial claims the collection stopped when an export limit on Scholastic's servers was reached; even so, 4.2 million unique email addresses were extracted. Approximately 70% of these were already in the HIBP database, meaning they had previously been exposed in unrelated breaches.
Impact on Scholastic
Scholastic provides pre-K to grade 12 resources alongside publishing some of the most celebrated children's literature. The company serves millions of parents, teachers, and administrators through its digital platforms, which facilitate book orders, educational resources, and classroom tools.
Given its scale and reach, the breach raises serious concerns about the security of Scholastic's systems, particularly because the stolen names, contact details, and school affiliations are exactly what a targeted phishing, fraud, or identity theft campaign against educators, parents, and children needs.
Parasocial, who self-identified as a member of the furry community, claimed their motives were rooted in boredom rather than malice. However, they heavily criticized Scholastic's security practices, singling out the lack of multi-factor authentication (MFA).
Anyone with a Scholastic account should change their password immediately, enable multi-factor authentication where it is offered, and treat unsolicited emails, calls, or messages that reference Scholastic, a school, or a book order with suspicion.