The ShinyHunters extortion gang conducted a data theft attack in March 2026 targeting the Salesforce instance of Infinite Campus, an education technology company serving over 3,200 U.S. school districts. The breach exposed personal information from approximately 137,100 school staff accounts, including names, contact details, job titles, and support tickets. Infinite Campus confirmed the data mainly consisted of publicly available directory information and reported no evidence of customer database compromise. The attackers leaked a 1.2GB archive of Salesforce records on their data leak site. This incident aligns with ShinyHunters' ongoing campaign against Salesforce customers and follows similar high-profile breaches in the education sector.

The breach exposed personally identifiable information (PII) of more than 137,000 school staff members, including names, email addresses, phone numbers, physical addresses, job titles, usernames, and support tickets. Although Infinite Campus indicated that most of the data was publicly available directory information and there was no evidence of customer database compromise, the exposure of such data could facilitate targeted phishing or social engineering attacks against affected individuals. No direct evidence of further exploitation or broader system compromise has been reported.

No official patch or remediation guidance has been provided by Infinite Campus regarding this breach. Infinite Campus has notified affected customers and stated that the exposed data largely consists of publicly available information. Organizations using Infinite Campus should follow any guidance from the vendor and monitor communications for updates. Given the nature of the breach, affected individuals should be advised to remain vigilant against phishing and social engineering attempts. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance.