The education publishing giant, McGraw Hill, has accidently exposed the grades of over 100,000 students via a misconfigured S3 bucket database. According to researchers at vpnMentor, the data was publicly available and found on June 12. One production bucket contained more than 47 million files and 12TB of data, and a second non-production bucket held more than 69 million files and 10TB of data. The data included students’ names, email addresses, performance reports, and grades. The buckets also contained classroom data such as teachers’ syllabi and course reading materials for US and Canadian students in schools such as Johns Hopkins University, University of California-Los Angeles, University of Toronto, and University of Michigan.  Additionally, the data included private keys, which could be decrypted and used by threat actors to access sensitive information about students and McGraw Hill’s source code. The data was able to be accessed by anyone via public Internet starting in 2015.