Salesforce and Infinite Campus: Infinite Campus warns of breach after ShinyHunters claims data theft

Infinite Campus Reports Data Breach Following ShinyHunters Extortion Attempt

Infinite Campus, a leading U.S.-based provider of K-12 student information systems, has notified customers of a data breach after a threat actor accessed an employee’s Salesforce account. The company serves over 3,200 school districts and manages data for 11 million students across 46 states.

The breach was claimed by the extortion group ShinyHunters, which posted a "final warning" on its dark web site on March 24, threatening to leak stolen data unless Infinite Campus engaged in ransom negotiations by March 25. The company confirmed it would not comply with the demands.

ShinyHunters alleged the theft of Salesforce records containing personally identifiable information (PII) and internal corporate data. However, Infinite Campus stated that its investigation found no access to customer databases. The exposed data primarily included names and contact details of school staff, much of which is publicly available on school websites.

The incident follows a pattern of Salesforce-targeted attacks by ShinyHunters, which has breached hundreds of companies in the past year, including high-profile campaigns like the Salesloft Drift and Salesforce Aura hacks, claiming over 1.5 billion records stolen.

In response, Infinite Campus disabled certain customer-facing services for users without IP restrictions and is scanning potentially compromised Salesforce data. The company is also contacting affected school districts to provide guidance.

While the breach’s full impact remains unclear, Infinite Campus has not disclosed how many districts were affected. The incident echoes the December 2024 PowerSchool hack, though that attack exposed sensitive data of 62 million students. The perpetrator, a 19-year-old college student, was later sentenced to four years in prison.

Source: https://www.bleepingcomputer.com/news/security/infinite-campus-warns-of-breach-after-shinyhunters-claims-data-theft/

Infinite Campus cybersecurity rating report: https://www.rankiteo.com/company/infinite-campus

Salesforce cybersecurity rating report: https://www.rankiteo.com/company/salesforce

"id": "INFSAL1774362301",
"linkid": "infinite-campus, salesforce",
"type": "Breach",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'School districts and staff '
                                              '(number undisclosed)',
                        'industry': 'Education',
                        'location': 'U.S.',
                        'name': 'Infinite Campus',
                        'size': 'Serves over 3,200 school districts and '
                                'manages data for 11 million students',
                        'type': 'EdTech / Student Information System '
                                'Provider'}],
 'attack_vector': 'Compromised Salesforce account',
 'customer_advisories': 'Notification sent to customers',
 'data_breach': {'data_exfiltration': 'Alleged by ShinyHunters',
                 'personally_identifiable_information': 'Names and contact '
                                                        'details of school '
                                                        'staff',
                 'sensitivity_of_data': 'Low to moderate (primarily names and '
                                        'contact details of school staff)',
                 'type_of_data_compromised': ['Personally identifiable '
                                              'information (PII)',
                                              'Internal corporate data']},
 'description': 'Infinite Campus, a leading U.S.-based provider of K-12 '
                'student information systems, reported a data breach after a '
                'threat actor accessed an employee’s Salesforce account. The '
                'breach was claimed by the extortion group ShinyHunters, which '
                'threatened to leak stolen data unless a ransom was paid. The '
                'exposed data primarily included names and contact details of '
                'school staff, much of which is publicly available.',
 'impact': {'data_compromised': 'Personally identifiable information (PII) and '
                                'internal corporate data',
            'operational_impact': 'Disabled certain customer-facing services '
                                  'for users without IP restrictions',
            'systems_affected': 'Salesforce account, customer-facing services'},
 'initial_access_broker': {'entry_point': 'Compromised Salesforce account'},
 'investigation_status': 'Ongoing',
 'motivation': 'Extortion',
 'ransomware': {'data_exfiltration': 'Alleged by ShinyHunters',
                'ransom_demanded': True},
 'references': [{'source': 'Cyber Incident Description'}],
 'response': {'communication_strategy': 'Notified customers and provided '
                                        'guidance to affected school districts',
              'containment_measures': 'Disabled certain customer-facing '
                                      'services for users without IP '
                                      'restrictions',
              'remediation_measures': 'Scanning potentially compromised '
                                      'Salesforce data, contacting affected '
                                      'school districts'},
 'stakeholder_advisories': 'Guidance provided to affected school districts',
 'threat_actor': 'ShinyHunters',
 'title': 'Infinite Campus Data Breach Following ShinyHunters Extortion '
          'Attempt',
 'type': 'Data Breach'}