Infinite Campus warns of data breach following extortion threat targeting Salesforce account

A cyber intrusion at Infinite Campus has exposed limited staff-related data after attackers gained access to an employee’s Salesforce account, prompting the education technology company to notify customers and implement precautionary measures.

The incident surfaced as a threat actor group known as ShinyHunters issued a “final warning” on its dark web site, claiming responsibility for the breach and threatening to release allegedly stolen data unless ransom negotiations began by March 25. Infinite Campus has stated it will not engage with the attackers.

Infinite Campus, a U.S.-based provider of student information systems used by more than 3,200 school districts, manages records for approximately 11 million students across 46 states. The company indicated that its internal investigation found no evidence that customer databases or student records were accessed during the breach.

The compromised data is limited to information contained within the company’s Salesforce environment, including names and contact details of school staff. The firm said most of this information is publicly available, commonly found on school websites and directories.

The company described the attacker as part of a broader group known for targeting Salesforce accounts across multiple organizations. Over the past year, similar campaigns have affected hundreds of companies, with attackers claiming large-scale data theft involving corporate and customer records.

In response, Infinite Campus has disabled certain customer-facing services for users without IP address restrictions to reduce potential exposure risks. The company is also conducting a comprehensive review of its Salesforce data and has begun notifying affected school districts with guidance on next steps.

The breach bears similarities to prior attacks targeting education technology platforms, including a major incident involving PowerSchool in December 2024. That breach exposed sensitive data belonging to millions of students, though Infinite Campus indicated the scope of the current incident is significantly more limited.

The company has not disclosed the number of school districts potentially impacted and has not released a formal public statement beyond direct customer notifications.