Infinite Campus Breach Exposes 137,000 School Staff Records

Key Takeaways

- ShinyHunters stole 137,000 school staff records from Infinite Campus via a Salesforce attack in March 2026
- Exposed data includes names, emails, phone numbers, physical addresses, job titles, and support tickets
- The breach highlights ongoing third-party vendor security risks in education technology
ShinyHunters, the data extortion gang behind several high-profile Salesforce breaches, has claimed responsibility for stealing personal information from 137,000 school staff accounts at Infinite Campus. The attack, which occurred in March 2026, targeted the company's Salesforce instance rather than its core student databases.
Infinite Campus provides student information systems to over 3,200 school districts across the United States. The platform manages data for 11 million students in 46 states, making it one of the most widely used K-12 EdTech platforms in the country.
What Data Was Stolen
Have I Been Pwned, the breach notification service, analyzed the leaked data and confirmed the scope. The 1.2GB archive published by ShinyHunters contains 137,100 unique accounts with the following information:
- Names and email addresses
- Phone numbers and physical addresses
- Employer names and job titles
- Usernames
- Support ticket records
Infinite Campus downplayed the severity in its customer notification, stating that the exposed data "largely consisted of names and contact information for school staff" and that "the majority is directory information commonly found on school websites."

How the Attack Happened
The breach targeted Infinite Campus's Salesforce instance, not its student information databases. In its March notification to customers, the company described the attacker as "part of a group known for targeting the Salesforce accounts of hundreds of companies."
This attack pattern matches ShinyHunters' recent campaigns. The group has claimed to have stolen more than 1.5 billion records from Salesforce customers over the past year, including breaches tied to the Salesloft Drift hack and the Salesforce Aura campaign.
“Their target was the Infinite Campus Salesforce instance, consisting of names and contact information for school staff; the majority is directory information commonly found on school websites.”
— Infinite Campus, customer notification
Infinite Campus said it found no evidence that customer databases containing student records were compromised. The company did not disclose how attackers gained access to its Salesforce account.
Comparison to PowerSchool Breach
The Infinite Campus incident follows a similar pattern to the December 2024 PowerSchool hack, though the scale differs significantly. The PowerSchool breach affected 62 million students, making it one of the largest EdTech breaches on record.
The hacker behind the PowerSchool attack, a 19-year-old college student from Massachusetts, was sentenced to 4 years in prison after pleading guilty in May 2025. ShinyHunters operates as an organized extortion group and has not faced similar consequences.
Third-Party Vendor Risk in Education
Security professionals on Reddit and Hacker News pointed to the breach as another example of third-party vendor risk in educational institutions. The consensus: even "less sensitive" internal tools like CRM systems require strict access controls.
School districts often lack the security resources of large enterprises but handle similarly sensitive data. A compromised staff directory might seem low-risk, but phone numbers, emails, and support tickets can enable phishing attacks and social engineering against school systems.
What Affected Districts Should Do
- Check Have I Been Pwned to confirm which staff accounts were exposed
- Force password resets for any accounts using the same credentials elsewhere
- Enable MFA on all SaaS integrations, including Salesforce
- Implement IP-based access controls for administrative tools
- Train staff to recognize phishing attempts using their leaked information
Have I Been Pwned has added the Infinite Campus breach to its database. Affected individuals can check whether their email appears in the leaked data.
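For a district with many staff, the first three steps above can be worked as one triage pass. The sketch below is an added example, not code from the article, Infinite Campus or Have I Been Pwned: it takes a response in the shape returned by HIBP's domain search (alias mapped to breach names) and joins it with a staff roster. The domain `district.example`, the breach-name placeholder, the roster fields and the role names are all assumptions.

```python
import json

# Constructed sample in the shape of a Have I Been Pwned domain search
# response (alias -> list of breach names) for the hypothetical domain
# district.example. BREACH is a placeholder, not HIBP's real identifier.
BREACH = "EXAMPLE_BREACH_NAME"
DOMAIN = "district.example"
HIBP_RESPONSE = json.loads("""
{"jdoe": ["EXAMPLE_BREACH_NAME"],
 "asmith": ["OtherBreach"],
 "sysadmin": ["OtherBreach", "EXAMPLE_BREACH_NAME"],
 "retired.teacher": ["EXAMPLE_BREACH_NAME"]}
""")

# Constructed staff roster, as a district might export from its identity provider.
ROSTER = [
    {"email": "jdoe@district.example", "role": "teacher", "mfa": True},
    {"email": "asmith@district.example", "role": "teacher", "mfa": False},
    {"email": "SysAdmin@district.example", "role": "sis_admin", "mfa": False},
    {"email": "mlee@district.example", "role": "counselor", "mfa": False},
]
PRIVILEGED_ROLES = {"sis_admin", "it_admin"}  # assumption: local role names


def triage(response, roster, breach=BREACH, domain=DOMAIN):
    """Return (actions, unmatched): per-account follow-ups, highest risk first,
    plus exposed addresses that are missing from the current roster."""
    exposed = {f"{alias.lower()}@{domain}"
               for alias, breaches in response.items() if breach in breaches}
    actions = []
    for person in roster:
        email = person["email"].lower()
        if email not in exposed:
            continue
        steps = ["phishing briefing", "password reset if reused elsewhere"]
        if not person["mfa"]:
            steps.append("enroll MFA")
        # Privileged accounts without MFA are the most attractive phishing targets.
        risk = (person["role"] in PRIVILEGED_ROLES) * 2 + (not person["mfa"])
        actions.append({"email": email, "risk": risk, "steps": steps})
    actions.sort(key=lambda a: (-a["risk"], a["email"]))
    known = {p["email"].lower() for p in roster}
    return actions, sorted(exposed - known)


if __name__ == "__main__":
    todo, stale = triage(HIBP_RESPONSE, ROSTER)
    for item in todo:
        print(item["risk"], item["email"], ", ".join(item["steps"]))
    print("exposed but not in roster (stale or shared mailboxes):", stale)
```

Exposed addresses that no longer match a roster entry are worth a manual look, since they may be shared mailboxes or accounts that were never deprovisioned.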
Frequently Asked Questions
Was student data exposed in the Infinite Campus breach?
No. Infinite Campus said customer databases containing student records were not compromised. The breach affected the company's Salesforce instance, which stores staff contact information and support tickets.
How many school districts use Infinite Campus?
Infinite Campus serves over 3,200 school districts across 46 states, managing data for approximately 11 million students.
Who is ShinyHunters?
ShinyHunters is a data extortion gang that has targeted hundreds of Salesforce customers over the past year, claiming to have stolen more than 1.5 billion records across multiple campaigns.
How can I check if my data was exposed?
Visit Have I Been Pwned (haveibeenpwned.com) and enter your email address. The service has added the Infinite Campus breach to its database.
Is this related to the PowerSchool breach?
No. While both involve K-12 EdTech companies, the PowerSchool breach in December 2024 was a separate incident by a different attacker, affecting 62 million students.
Source: BleepingComputer
Manaal Khan
Tech & Innovation Writer