An Infinite Campus breach exposed data linked to more than 137,000 user accounts after the cybercrime group ShinyHunters published information it allegedly stole during an extortion campaign. The incident affects one of the largest student information system providers in the United States and highlights the growing threat facing education technology platforms.

According to reports, attackers gained access to a Salesforce account connected to Infinite Campus. After the company refused to pay a ransom, ShinyHunters released the stolen information online.

Attackers Accessed a Salesforce Account

Infinite Campus informed affected individuals that attackers accessed an employee’s Salesforce account on March 18, 2026. The company detected the intrusion and quickly disabled the compromised account to stop additional unauthorized activity.

After gaining access, the attackers contacted Infinite Campus and demanded payment in exchange for deleting the stolen information. Company officials rejected the demand and refused to negotiate with the threat actors.

ShinyHunters responded by adding Infinite Campus to its leak site and threatening to publish the data. When the company maintained its position, the group released the information and made the dataset available online.

Leak Contains Information From More Than 137,000 Accounts

Cybersecurity researcher Troy Hunt, who operates the Have I Been Pwned service, reviewed the leaked data and identified 137,123 unique email addresses. The dataset reportedly contains names, email addresses, phone numbers, physical addresses, usernames, job titles, and support ticket details.

Infinite Campus stated that the affected Salesforce environment mainly stored contact information for school staff members. However, ShinyHunters claimed the dataset also contains personally identifiable information and internal business records.

Researchers continue to examine the leak and verify the full scope of the exposed data. While investigators confirmed the presence of contact information, they have not verified every claim made by the threat actor.

Education Platforms Face Growing Cyber Threats

Infinite Campus serves more than 3,200 school districts and supports over 11 million students across 46 states. Schools rely on the platform to manage attendance records, grades, schedules, and communication with families.

Cybercriminals increasingly target education technology providers because these organizations store large amounts of personal information. Attackers often view student platforms as valuable targets for extortion, phishing campaigns, and identity-related fraud.

The incident also reflects a broader campaign that targets organizations using Salesforce environments. Security researchers have linked several recent data theft and extortion attempts to compromised Salesforce accounts.

As more organizations move sensitive information into cloud-based systems, attackers continue searching for opportunities to exploit weak credentials, stolen accounts, and third-party integrations.

Conclusion

The Infinite Campus breach demonstrates how a single compromised account can create significant security risks. Attackers accessed a Salesforce account, stole data linked to more than 137,000 user accounts, and published the information after Infinite Campus rejected their ransom demands.

The incident adds to a growing list of attacks targeting cloud platforms that store large amounts of personal information. Education providers and technology vendors will likely face increasing pressure to strengthen account security, improve monitoring, and respond quickly when attackers gain access to sensitive systems.


0 responses to “Infinite Campus Breach Exposes 137,000 User Accounts”