Infinite Campus warns of breach after ShinyHunters claims data theft

Recorded: March 24, 2026, 4 p.m.

Original

News

Featured
Latest

TeamPCP deploys Iran-targeted wiper in Kubernetes attacks

Microsoft Azure Monitor alerts abused for callback phishing attacks

Crunchyroll probes breach after hacker claims to steal 6.8M users' data

Microsoft Exchange Online service change causes email access issues

Microsoft fixes bug causing Classic Outlook sync issues with Gmail

Zero Trust: Bridging the Gap Between Authentication and Trust

HackerOne discloses employee data breach after Navia hack

Infinite Campus warns of breach after ShinyHunters claims data theft

Tutorials

Latest
Popular

How to access the Dark Web using the Tor Browser

How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11

How to use the Windows Registry Editor

How to backup and restore the Windows Registry

How to start Windows in Safe Mode

How to remove a Trojan, Virus, Worm, or other Malware

How to show hidden files in Windows 7

How to see hidden files in Windows

Webinars
Downloads

Latest
Most Downloaded

Qualys BrowserCheck

STOPDecrypter

AuroraDecrypter

FilesLockerDecrypter

AdwCleaner

ComboFix

RKill

Junkware Removal Tool

Deals

Categories

eLearning

IT Certification Courses

Gear + Gadgets

Security

VPNs

Popular

Best VPNs

How to change IP address

Access the dark web safely

Best VPN for YouTube

Forums
More

Virus Removal Guides
Startup Database
Uninstall Database
Glossary
Send us a Tip!
Welcome Guide

HomeNewsSecurityInfinite Campus warns of breach after ShinyHunters claims data theft

Infinite Campus warns of breach after ShinyHunters claims data theft

By Bill Toulas

March 24, 2026
09:48 AM
0

Infinite Campus, a widely used K-12 student information system, is warning customers of a data breach following an extortion attempt by a threat actor.
In the breach notification sent to customers, Infinite Campus states that hackers accessed an employee's Salesforce account, exposing information that was mostly publicly available.
The company has not published an official statement, but customers reported the incident on various public platforms.
The notification comes shortly after the data extortion group ShinyHunters claimed the attack and posted a “final warning” on its dark web site yesterday, threatening to leak all data allegedly stolen from Infinite Campus.
The hackers gave the company until March 25 to initiate contact and negotiate a ransom to prevent a data leak. However, Infinite Campus said that it will not engage with the attacker.
ShinyHunters claims to have stolen Salesforce records containing personally identifiable information (PII) and various internal corporate data.

ShinyHunters lists Infinite Campus on its dark web siteSource: BleepingComputer
Infinite Campus is a U.S.-based education technology (EdTech) company that provides a student information system (SIS) to more than 3,200 school districts in the United States. Currently, its software applications manage data of 11 million students in 46 states.
Although Infinite Campus did not name ShinyHunters as the threat actor, it described the intruder as “part of a group known for targeting the Salesforce accounts of hundreds of companies.”
The extortion group has been targeting Salesforce customers for the past year, breaching hundreds of companies and claiming more than 1.5 billion records stolen in the Salesloft Drift hack and the more recent Salesforce Aura campaign.
Infinite Campus has also stated that, according to its investigation, no customer databases were accessed. Exposed data consists of names and contact details for school stuff and information that is commonly available publicly.
“Their target was the Infinite Campus Salesforce instance, consisting of names and contact information for school staff; the majority is directory information commonly found on school websites,” explained the firm.

Infinite Campus breach notification to customersSource: Reddit
In response to the incident, the firm has disabled certain customer-facing services for users without IP address restrictions to minimize the risk of potential exposure of sensitive data.
At the same time, it is scanning all Salesforce data that may have been compromised and is contacting potentially impacted districts to provide guidance.
BleepingComputer has contacted Infinite Campus with questions on how many school districts have been impacted, but a company representative shared with us the notification sent to customers with no additional comment.
The incident resembles the December 2024 PowerSchool hack due to the type of targeted platform, though the impact scope was vastly different, exposing the sensitive information of 62 million students.
The hacker behind that attack, a 19-year-old college student from Massachusetts, was eventually sentenced to four years in prison, following his guilty plea in May 2025.
Update [March 24, 11:37 EST]: Article edited to reflect that Infinite Campus shared with BleepingComputer the notification sent to customers.

Red Report 2026: Why Ransomware Encryption Dropped 38%
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.
Download The Report

Related Articles:
Wynn Resorts confirms employee data breach after extortion threatCarGurus data breach exposes information of 12.4 million accountsShinyHunters launches Salesforce data leak site to extort 39 victimsHave I Been Pwned: SoundCloud data breach impacts 29.8 million accountsAura confirms data breach exposing 900,000 marketing contacts

Data Breach
Education
Extortion
Infinite Campus
Salesforce
School
ShinyHunters

Bill Toulas
Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.

Previous Article
Next Article

Popular Stories

Microsoft Azure Monitor alerts abused for callback phishing attacks

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

VoidStealer malware steals Chrome master key via debugger trick

Sponsor Posts

AI is a data-breach time bomb: Read the new report

Cyber resilience without the complexity. Join Zero Networks to stop lateral movement fast.

Are refund fraud methods targeting your brand? You can monitor the underground for these threats.

Overdue a password health-check? Audit your Active Directory for free

Main Sections

News
Webinars
VPN Buyer Guides
SysAdmin Software Guides
Downloads
Virus Removal Guides
Tutorials
Startup Database
Uninstall Database
Glossary

Community

Forums
Forum Rules
Chat

Useful Resources

Welcome Guide
Sitemap

Company

About BleepingComputer
Contact Us
Send us a Tip!
Advertising
Write for BleepingComputer
Social & Feeds
Changelog

Username

Password

Remember Me

Not a member yet? Register Now

Reporter

Help us understand the problem. What is going on with this comment?

Spam

Abusive or Harmful

Inappropriate content

Strong language

Other

Read our posting guidelinese to learn what content is prohibited.

Submitting...
SUBMIT

Infinite Campus, a prominent provider of student information systems (SIS) utilized by over 3,200 school districts across the United States managing data for 11 million students, is currently addressing a data breach following an extortion attempt by the threat actor group ShinyHunters. The incident centers on a compromised Salesforce account, revealing details that were largely publicly accessible. According to an internal notification disseminated to customers, the breach stemmed from unauthorized access to the Infinite Campus Salesforce instance, primarily exposing names and contact information for school staff, and directory data typically found on school websites.

ShinyHunters, a known group specializing in targeting Salesforce accounts, claimed responsibility for the breach and issued a final warning to Infinite Campus, demanding a ransom to prevent the release of the stolen data. The group has a documented history of targeting companies leveraging Salesforce, exemplified by past incidents like the 1.5 billion records stolen in the Salesforce Aura campaign and the Sailboat Hack. The nature of this breach mirrors previous attacks, notably the 2024 PowerSchool hack, though the scope of impact appears significantly less extensive. This similarity in targeting Salesforce instances raises concerns about potential vulnerabilities within the platform and the broader education technology sector.

In response to the notification, Infinite Campus has taken precautionary steps, including disabling certain customer-facing services for users without IP address restrictions and initiating a comprehensive scan of the Salesforce data. Furthermore, the firm has engaged in direct contact with potentially impacted school districts to provide guidance and mitigate any potential risks associated with the exposure of staff contact information. This proactive approach demonstrates an attempt to control the narrative and minimize the impact of the breach.

The incident underscores the ongoing threat landscape faced by organizations reliant on cloud-based services like Salesforce. While Infinite Campus asserts that no customer databases were accessed, the compromise of a Salesforce account highlights the potential for attackers to leverage compromised credentials and access data that is publicly discoverable. The response by Infinite Campus, including the scanning of data and communication with impacted districts, showcases typical crisis management strategies employed following such incidents. The similarities to the 2024 PowerSchool hack, though with a different scale of impact, serve as a cautionary reminder of the importance of robust security practices and vigilance against persistent threat actors like ShinyHunters. The firm’s decision not to engage with the attacker represents a common strategy aimed at preventing further extortion attempts and securing the breach’s containment.