Infinite Campus, a widely used K-12 student information system, is warning customers of a data breach following an extortion attempt by a threat actor.
In the breach notification sent to customers, Infinite Campus states that hackers accessed an employee’s Salesforce account, exposing information that was mostly publicly available.
The company has not published an official statement, but customers reported the incident on various public platforms.
The notification comes shortly after the data extortion group ShinyHunters claimed the attack and posted a “final warning” on its dark web site yesterday, threatening to leak all data allegedly stolen from Infinite Campus.
The hackers gave the company until March 25 to initiate contact and negotiate a ransom to prevent a data leak. However, Infinite Campus said that it will not engage with the attacker.
ShinyHunters claims to have stolen Salesforce records containing personally identifiable information (PII) and various internal corporate data.
Source: BleepingComputer
Infinite Campus is a U.S.-based education technology (EdTech) company that provides a student information system (SIS) to more than 3,200 school districts in the United States. Currently, its software applications manage data of 11 million students in 46 states.
Although Infinite Campus did not name ShinyHunters as the threat actor, it described the intruder as “part of a group known for targeting the Salesforce accounts of hundreds of companies.”
The extortion group has been targeting Salesforce customers for the past year, breaching hundreds of companies and claiming more than 1.5 billion records stolen in the Salesloft Drift hack and the more recent Salesforce Aura campaign.
Infinite Campus has also stated that, according to its investigation, no customer databases were accessed. Exposed data consists of names and contact details for school stuff and information that is commonly available publicly.
“Their target was the Infinite Campus Salesforce instance, consisting of names and contact information for school staff; the majority is directory information commonly found on school websites,” explained the firm.
Source: Reddit
In response to the incident, the firm has disabled certain customer-facing services for users without IP address restrictions to minimize the risk of potential exposure of sensitive data.
At the same time, it is scanning all Salesforce data that may have been compromised and is contacting potentially impacted districts to provide guidance.
BleepingComputer has contacted Infinite Campus with questions on how many school districts have been impacted, but we have not received a response yet.
The incident resembles the December 2024 PowerSchool hack due to the type of targeted platform, though the impact scope was vastly different, exposing the sensitive information of 62 million students.
The hacker behind that attack, a 19-year-old college student from Massachusetts, was eventually sentenced to four years in prison, following his guilty plea in May 2025.
Red Report 2026: Why Ransomware Encryption Dropped 38%
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.
Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.
Related Articles:
Wynn Resorts confirms employee data breach after extortion threat
CarGurus data breach exposes information of 12.4 million accounts
ShinyHunters launches Salesforce data leak site to extort 39 victims
Have I Been Pwned: SoundCloud data breach impacts 29.8 million accounts
Aura confirms data breach exposing 900,000 marketing contacts