Industry - Data Breach
Executive Summary
The ShinyHunters hacking group breached Infinite Campus's Salesforce system in March, exposing personal information from 137,000 school staff accounts including names, email addresses, phone numbers, physical addresses, and job titles. Infinite Campus, which provides student information systems to over 3,200 U.S. school districts, confirmed the breach affected staff contact information but stated there was no evidence that student databases were compromised. The stolen data was subsequently l...
What Happened
In March 2026, the ShinyHunters hacking group breached Infinite Campus's Salesforce system, stealing personal information from approximately 137,000 school staff accounts. The exposed data included names, email addresses, phone numbers, physical addresses, job titles, usernames, and support tickets. Infinite Campus, which provides student information systems to over 3,200 U.S. school districts serving 11 million students in 46 states, confirmed the breach targeted their Salesforce instance but stated there was no evidence that student databases were compromised.
Who Is Affected
The breach affected 137,000 school staff members across districts using Infinite Campus's services in 46 U.S. states. Exposed individuals include teachers, administrators, and other school employees whose contact information and employment details were stored in the Salesforce system. While the company stated student databases were not compromised, staff at over 3,200 school districts potentially had their personal and professional contact information exposed.
Why It Matters
This incident represents the latest in a series of education technology breaches, following a similar December 2024 PowerSchool hack that affected 62 million students. The breach demonstrates ongoing vulnerability in widely-used educational platforms that centralize sensitive information for millions of users. ShinyHunters has claimed responsibility for stealing over 1.5 billion records from hundreds of Salesforce customers, indicating a systematic targeting of this platform across multiple industries including education.
What You Should Do
Affected school staff should immediately monitor their email accounts and phone numbers for phishing attempts or social engineering attacks, as hackers now have verified contact information and employment details. Change passwords for any accounts associated with your work email address and enable multi-factor authentication wherever possible. Be extremely cautious of unsolicited contacts claiming to be from your school district, IT department, or educational vendors, and verify requests through known official channels before providing any information or clicking links.
Summary generated from verified sources and reviewed before publication. How we summarize.
Related Events
- Industry - Data BreachJun 10, 2026
The ShinyHunters extortion gang is exploiting vulnerabilities in Oracle PeopleSo...
- Industry - Data BreachJun 7, 2026
HVAC/R wholesale distributor Baker Distributing Company suffered a data breach i...
- Industry - Data BreachMay 18, 2026
7-Eleven confirmed a data breach after the hacking group ShinyHunters demanded r...
- Industry - Data BreachMay 12, 2026
In May 2026, real estate services firm Cushman & Wakefield was targeted by the S...