Infinite Campus, which manages data for over 11 million students across more than 3,200 U.S. school districts, experienced a breach when an attacker accessed an employee's Salesforce account on March 18, 2026. The intruder, connected to the ShinyHunters extortion group, then demanded a ransom by March 25 to avoid releasing the stolen data.
The company notified customers on March 24, saying the exposed information mostly includes staff names and contact details typically found on school websites. Importantly, Infinite Campus confirmed that student records and customer data were not compromised. After quickly detecting the breach, their IT and security teams removed the attacker’s access.
While ShinyHunters claimed they obtained personally identifiable information and other internal corporate data, Infinite Campus declined to engage with the hackers or pay any ransom. The group behind the attack is known for targeting Salesforce accounts across many companies.
What K-12 Districts Should Do Now
Districts using Infinite Campus or Salesforce services should review their own account security measures immediately. Strong passwords, multi-factor authentication, and rapid incident response plans are essential defenses. Keeping an eye on unusual account activity can help catch any future attempts early.
Why This Matters
This breach highlights the risks posed by attacks on third-party services like Salesforce that schools rely on. Even if student data wasn’t taken this time, staff information exposure and extortion efforts disrupt operations and trust. Schools need to stay vigilant about cybersecurity across all tools they use—not just their core student systems.