ShinyHunters steals data on 137,000 Infinite Campus staff accounts

The ShinyHunters extortion gang breached Salesforce accounts tied to Infinite Campus in March, obtaining personal details linked to more than 137,000 school employees.

Infinite Campus serves millions of students nationwide. The education technology provider supplies its student information system to over 3,200 school districts in the United States and handles records for 11 million students spread across 46 states.

When Infinite Campus alerted customers about the incident that same month, it stopped short of naming any particular threat actor. Officials instead characterized the intruder as "part of a group known for targeting the Salesforce accounts of hundreds of companies."

Exposed data limited to staff contact details. The company informed those impacted that only names plus contact information for personnel, together with other material already available to the public, had been taken. It stressed that it found no sign of broader access into customer databases.

Infinite Campus added in its notice that the intruders focused solely on its Salesforce environment. "Their target was the Infinite Campus Salesforce instance, consisting of names and contact information for school staff; the majority is directory information commonly found on school websites," it said.

ShinyHunters claims responsibility and leaks data. The gang later took credit on its leak portal and released a 1.2GB bundle of files that reportedly held Salesforce entries bearing personally identifiable information along with assorted internal corporate records. Have I Been Pwned examined the material and determined that records from 137,100 accounts were exposed, encompassing unique names, email addresses, employers, job titles, phone numbers, physical addresses, usernames, and support tickets.

The breach-notification service reported that the actors had published information they said came from Infinite Campus, "containing 137k unique email addresses along with names, phone numbers, physical addresses and support tickets." It noted that Infinite Campus later contacted those affected to explain that the released material mainly comprised "names and contact information for school staff" and that most of it could already be located on school websites.

Incident echoes prior edtech breach but with smaller scope. The episode bears resemblance to the PowerSchool intrusion disclosed in December 2024, although consequences diverged sharply because that earlier event touched 62 million students. The individual responsible, a 19-year-old college student from Massachusetts, received a four-year prison sentence following a guilty plea in May 2025.

Over the past year ShinyHunters has repeatedly struck Salesforce customers and asserted that it has taken more than 1.5 billion records through operations against hundreds of organizations, among them the Salesloft Drift hack and the Salesforce Aura campaign. In its latest reported effort the group says it leveraged a zero-day flaw in Oracle's PeopleSoft business software to harvest data from more than 100 entities, one of which was the University of Nottingham.