School software serving 11M students hacked, ShinyHunters claims attack

Published: 25 March 2026
Last updated: 26 March 2026
classroom, teacher in pink top, isa flag, kids leaning on tables,
School kids takin a test. Irfan Khan/Los Angeles Times/Getty.

Infinite Campus, a widely used supplier of a popular Student Information System (SIS), is the latest victim of ShinyHunters. The ransomware extortion group is threatening to publicly reveal all stolen data.

Key takeaways:
  • ShinyHunters breached Infinite Campus through a compromised employee Salesforce account.
  • Attackers accessed school employee names and contact information.
  • Infinite Campus refuses to negotiate despite threats to leak data by March 25th
Key Takeaways by nexos.ai, reviewed by Cybernews staff.

In an email addressed to affected students and workers, Infinite Campus says that “an unauthorized actor” managed to gain access to an employee’s Salesforce account on March 18th.

ADVERTISEMENT

Multiple security alerts went off and alerted the company’s IT and security teams of the intrusion. The Salesforce account was immediately disabled.

“That evening, the unauthorized actor, claiming to be part of a group known for targeting the Salesforce accounts of hundreds of companies, contacted Infinite Campus, demanding payment in exchange for the destruction of the Salesforce data they claimed to possess. Infinite Campus has not, and will not, engage with the unauthorized actor,” the email states.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

According to Charlie Kratsch, Founder and CEO of Infinite Campus, the attackers haven’t accessed any customer databases. Their target was the Infinite Campus Salesforce instance, which consists of names and contact information for school staff members.

As a precaution, Infinite Campus disabled some services for customers that didn’t have IP address restrictions in place, in the event that sensitive information had been included in any customer communication.

Lastly, IT workers from Infinite Campus and external cybersecurity experts are currently scanning all Salesforce data that may have been accessed.

Although the educational software designer doesn’t identify ShinyHunters as the attacker, it does make sense.

Check if your data has been leaked

Find out if your email, phone number or related personal information might have fallen into the wrong hands.
18,611,353,922
Breached accounts
36,030
Breached websites
ADVERTISEMENT

ShinyHunters targeted Salesforce last year, threatening to target hundreds of its customers if the company refused to pay a ransom. The gang is also known for using social engineering to obtain login credentials from the target organization’s staff.

On their leak site, ShinyHunters claims to have stolen Salesforce records containing personally identifiable information (PII) and other internal corporate data.

Have thoughts about this topic? Others do, too. Join them in the discussion.

“This is a final warning to reach out by 25 Mar 2026 before we leak along with several annoying (digital) problems that’ll come your way. Make the right decision, don’t be the next headline,” the extortion group warns.

Infinite Campus serves over 11 million students in 3,200 American school districts in 46 states.

Unlock more exclusive Cybernews content on YouTube.

ADVERTISEMENT
Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked