Scholastic Data Breach Exposes Millions of Records
Scholastic, the beloved publisher of US editions of the Harry Potter series, The Hunger Games, and other popular children’s titles like The Magic School Bus and Goosebumps, has fallen victim to a significant data breach. The incident has resulted in millions of customer records being compromised after a hacker gained access to the company’s systems.
The hacker, using the alias “Parasocial,” exploited an employee portal to siphon off the data. According to reports, Parasocial obtained login credentials after infecting a Scholastic employee’s computer with malware. The breach impacted roughly 8 million records, including over 4.2 million unique email addresses as well as names, phone numbers, and home addresses of customers in the United States. A significant chunk of the data belonged to educators, including teachers and school administrators. Alarmingly, much of the remaining information is tied to parents and, in some cases, their children, whose names were entered during account registration.
Despite the scale of the breach, Parasocial claimed they weren’t motivated by malicious intent or profit, instead stating they acted out of boredom. “This is a lesson to be learned the hard way,” the hacker said, urging organizations to bolster their security measures with tools like multi-factor authentication (MFA). Parasocial also assured that they do not plan to publish the stolen data.
Scholastic has so far remained publicly quiet about the breach, but a spokesperson confirmed the company had launched an internal investigation. “Immediately upon learning of this claim, our internal security teams began an investigation with leading third-party cybersecurity experts to identify any potential unauthorized access to Scholastic systems,” the statement read. “At this time, our investigation is ongoing.”
With the breach now public and details added to Have I Been Pwned, a database that tracks compromised accounts, affected customers are left waiting to see how Scholastic will address the fallout from this incident. The situation serves as a stark reminder of the importance of strong cybersecurity measures to protect sensitive information.
