Home / Technology / ShinyHunters Target Infinite Campus: Staff Data Stolen
ShinyHunters Target Infinite Campus: Staff Data Stolen
25 Mar
Summary
- Infinite Campus confirmed a data breach impacting staff names and contact info.
- The hacking group ShinyHunters claims responsibility for the incident.
- A ransom deadline of March 25, 2026, was set by the attackers.
Infinite Campus, a popular student information system, has confirmed a data breach occurring on March 18, 2026. The breach was carried out by a group known for targeting Salesforce accounts, widely believed to be ShinyHunters.
An unauthorized actor accessed an employee's Salesforce account, managing to steal the names and contact details of school staff before being detected and removed by IT security. The company emphasized that customer data was not compromised and that the stolen information largely consists of details readily available on public school websites.
ShinyHunters have since claimed responsibility and added Infinite Campus to their data leak site. They have issued a ransom demand with a deadline of March 25, 2026, threatening to release the stolen internal corporate data and personally identifiable information on the dark web if their demands are not met.
Infinite Campus has stated its policy is not to engage with unauthorized actors or engage in ransom negotiations. The group ShinyHunters has a history of similar attacks, with previous victims including major corporations like Cisco and Adidas, often utilizing methods such as vishing or OAuth token theft to gain access to CRM data.
