Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Teachers and educators caught up in a data breach of a popular US educational publisher.
A hacker has breached the network of popular educational publisher Scholastic and stolen the contact and address details of more than 4.2 million customers.
Hackers calling themselves Parasocial managed the feat and shared the data with the Daily Dot website.
“To Scholastic; lol get pwned. This is a lesson to be learned the hard way. Don’t let your customers take the hit for your security failures, use MFA,” Parasocial told the website, while also making a callout to their “puppygirl hacker polycule”.
The full data set includes about 8 million entries, with just over 1 million of them belonging to educators. The Daily Dot confirmed the data was legitimate, and Parasocial said they were able to access the customer data using credentials stolen from an employee via malware.
The data includes names, email addresses, phone numbers, and home addresses of customers based in the US, though not all of the 8 million entries contain all of that information. Parasocial said they would have stolen more data, but the server it was stored on had an export limit in place.
Parasocial told the Daily Dot they stole the data out of boredom, and that they weren’t intending on making it public.
That said, the dataset, totalling 4,247,768 unique email addresses, has now been added to HaveIBeenPwned.
“In January 2025, a data breach of the publishing company Scholastic surfaced,” an update to HaveIBeenPwned said.
“The breach contained 4.2M unique email addresses with many of the records also including name, phone number and physical address.”
According to HaveIBeenPwned, the breach itself took place on 8 January and was added to the site’s list of “pwned websites” on 13 January.
Scholastic is investigating the incident.
“Scholastic takes the security of our customers’ data seriously with extensive systems and protocols, and are investigating this claim thoroughly,” a company spokesperson told the Daily Dot.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
