Global publisher of educational materials Scholastic hit by data breach
Learn More
Scholastic, a global publisher of educational materials and popular children's books including Harry Potter, was hit by a data breach in January 2025. The incident was perpetrated by a hacker using the alias "Parasocial," who gained unauthorized access to an employee portal after obtaining login credentials through malware that had infected an employee's computer.
The scale and impact of this breach is substantial. The breach affected approximately 8 million total entries, with education contacts comprising 1,048,576 of these records. The exposed data pertains to both U.S.-based customers and education contacts, though not all entries contain complete information across all data fields. Exposed data includes:
- Names
- Email addresses (4,247,768 unique addresses)
- Phone numbers
- Home addresses
- School affiliations (for teachers)
- Children's names (for parent registrants)
The attack vector was identified as compromised employee credentials obtained through malware infection. The hacker reported they could have exfiltrated more data but were restricted by export limits on Scholastic's server. T
Scholastic acknowledged the incident and provided a statement indicating they are investigating the claims: "Scholastic takes the security of our customers' data seriously with extensive systems and protocols, and are investigating this claim thoroughly."
