ShinyHunters Expands Extortion Campaign With New Houghton Mifflin Harcourt Claim

ShinyHunters has added education publisher Houghton Mifflin Harcourt to its extortion campaign, warning of a May 2026 data leak deadline after claiming prolonged unauthorized access to the company's systems.
Screenshot of the ShinyHunters leak site displaying an alleged extortion post targeting Houghton Mifflin Harcourt and a separate public statement from the threat group.

ShinyHunters has issued a rare public statement amid its ongoing extortion campaign, while adding education publisher Houghton Mifflin Harcourt Company to its leak site with a new pay-or-leak warning.

Houghton Mifflin Harcourt, commonly known as HMH, is a major U.S.-based educational publishing and learning technology company providing textbooks, digital classroom platforms, curriculum software, and assessment services used by schools and educators worldwide.

The threat group claimed Houghton Mifflin Harcourt data was compromised across “several campaigns throughout the past few months,” suggesting what may have been a prolonged intrusion or repeated access attempts tied to the organization.

The listing included a May 12, 2026 deadline demanding the company engage with the group before allegedly stolen data is leaked publicly. The post also threatened unspecified “digital problems” if negotiations fail.

At the time of publication, BreachNews could not independently verify whether any Houghton Mifflin Harcourt systems were compromised or whether any data was exfiltrated.

ShinyHunters signals mounting pressure

Alongside the new victim listing, ShinyHunters published a short public statement claiming the group was receiving a significant volume of media inquiries regarding what it described as a “global incident.”

The statement said the group would not provide additional public comment regarding the ongoing activity.

The messaging reflects an increasingly public-facing posture from the threat group as more organizations linked to recent extortion claims acknowledge unauthorized access incidents, customer-data exposure, or internal security investigations.

Over recent weeks, ShinyHunters has repeatedly targeted enterprise cloud environments, CRM systems, customer databases, and internal support infrastructure across multiple sectors, including telecommunications, education, financial services, and SaaS platforms.

Several organizations previously listed by the group later confirmed security incidents, including Vercel, Vimeo, and Instructure.

The group’s latest posts continue to blur the line between traditional data-extortion operations and broader coordinated intrusion campaigns targeting enterprise infrastructure and cloud-connected business systems.

Houghton Mifflin Harcourt had not issued any public statement regarding the allegations at the time of publication.

m00s3c

Moose (@m00s3c) is the author of BreachNews, focusing on data breach intelligence, dark web monitoring, and threat analysis. His work involves analyzing breach claims, reviewing leaked datasets, and tracking threat actor activity to provide clear, factual reporting.
