Infinite Campus Breach Hits 137K School Staff Accounts – Veri Sızıntısı
Live
Search
Company
About Founder's Note Press & Media Privacy Policy Terms of Service FAQ Brand Kit
Products
HUBOne HUBCorp Coming Soon Veri Sızıntısı Android Coming Soon Veri Sızıntısı iOS Coming Soon Veri Sızıntısı Huawei Coming Soon Breach Radar Argus Flow Argus Engine LivePlatform
Technologies
What is Argus AI? Try on HUBOne What is Argus Flow? What is Argus Engine?
Blog Contact

Infinite Campus Breach Hits 137K School Staff Accounts

The notorious cybercrime gang ShinyHunters stole personal information from over 137,000 staff accounts in an attack on the widely used Infinite Campus system. The breach occurred via a third-party Salesforce application.

A computer screen showing a data breach alert in front of school lockers in a hallway.

What Happened

The education technology world has been shaken again by a major cyberattack. Infinite Campus, a student information system widely used by K-12 schools in the United States, suffered a significant data breach in March. Behind the incident is the well-known extortion gang ShinyHunters. The group announced that it had stolen personal information belonging to more than 137,000 school staff accounts.

Although the event first occurred in March 2026, the process of sending notification letters to affected staff didn't begin until June. Infinite Campus stated that it detected suspicious activity on March 28th and immediately launched an investigation. This situation once again highlights how long the gap can be between the detection of a cyberattack and the notification of its victims. ShinyHunters increased pressure on the company by claiming to have put the stolen data up for sale on a hacking forum, bringing the incident to public attention.

What Data Was Exposed

According to the statement from Infinite Campus, the data affected by the breach is quite sensitive. The company confirmed that attackers accessed the personal information of school staff. So, what exactly was stolen?

Has your email been leaked? Check for free — results in seconds.

Check Now →
  • Names: Full names of school personnel.
  • Email Addresses: Corporate or personal email addresses belonging to the staff.
  • Account Details: Other details related to user accounts within the Infinite Campus system.

At this point, the company emphasizes a crucial detail: the breach does not include student data. Furthermore, it was stated that staff's Social Security numbers, driver's license information, or any financial data (such as bank accounts or credit card information) were not compromised. While this means the potential damage is somewhat limited, the danger of the stolen information should not be underestimated. Even basic information like names and email addresses can become a powerful weapon for phishing attacks in the hands of cybercriminals. Attackers can use this information to craft much more convincing fake emails targeting school staff, attempting to steal more information or infect systems with malware.

How Did the Attack Happen

One of the most striking aspects of this attack is that the attackers did not directly breach Infinite Campus's main systems. According to sources, the attack stemmed from a supply chain vulnerability. ShinyHunters gained access to the system through a third-party Salesforce integration application used by Infinite Campus.

It is reported that the attackers used stolen credentials (username and password) to access this application. How they obtained these credentials is not yet clear. However, this method once again proves that the weakest link in cybersecurity is often a person or an integrated external system. No matter how strong a company's security measures are, a vulnerability in one of its partners or third-party applications can put the entire system at risk. Infinite Campus reported that it terminated the unauthorized access and secured its Salesforce environment after detecting the suspicious activity.

Who Is Affected

The people directly affected by the attack are the more than 137,000 staff members in schools that use the Infinite Campus system. This group includes teachers, school administrators, administrative staff, and other employees. Since Infinite Campus is used by thousands of school districts across the U.S., the geographical impact of the breach could be quite widespread. These individuals have now become potential targets for identity theft and targeted phishing attacks. Such incidents endanger not only the individuals but also the overall security of the educational institutions where they work.

What You Can Do

If you work at a school that uses Infinite Campus and believe you may have been affected by this breach, there are several important steps you can take:

  • Watch For and Review the Official Notification: Infinite Campus is notifying affected individuals by mail. Check your mailbox. The letter will contain clear information about your situation and the steps you need to take.
  • Take Advantage of the Free Identity Protection Service: The company is offering two years of free identity theft protection services through IDX to all affected personnel. The notification letter will include instructions on how to enroll. Be sure to activate this service. It monitors your credit reports and alerts you to any suspicious activity.
  • Be Vigilant Against Phishing Emails: Your email address and name may now be in the hands of cybercriminals. Be very cautious of fake emails that appear to come from your school, your bank, or any other institution. Do not click on suspicious links, download unexpected attachments, or ever share personal information via email.
  • Review Your Accounts: Change the passwords for all your important online accounts, especially your work email. Make sure to use strong, unique passwords for each account. Enable two-factor authentication (2FA) wherever possible.
  • Check Your Overall Exposure: It's important to be aware of your digital identity's overall security, not just in the context of this breach. You can use a Data Breach Search service to check if your email address has appeared in other breaches. This helps you understand which of your accounts are at greater risk.
  • Stay Informed: The world of cybersecurity is constantly changing. Staying informed about similar incidents is one of the best ways to protect yourself. By regularly following Data Breach News from reliable sources, you can learn about new threats and protection methods.

What the Company Is Saying

Infinite Campus has stated that it is taking the incident seriously and has implemented a series of measures. The company's official statements and actions can be summarized as follows:

The company emphasized that as soon as it detected the suspicious activity in its Salesforce environment on March 28, 2026, it immediately terminated the unauthorized access and secured the environment. A comprehensive investigation was launched with the support of leading cybersecurity firms to determine the scope and nature of the incident. This investigation aimed to clarify what data was compromised and who was affected.

Following the investigation, the company initiated the process of notifying affected individuals as required by law. Notification letters began to be sent to staff starting on June 12, 2026. The company also reported the incident to federal law enforcement and stated that it is fully cooperating with their investigation. The offer of a two-year complimentary IDX identity protection service to support the victims is also among the steps taken by the company.

Source

https://www.bleepingcomputer.com/news/security/infinite-campus-data-breach-affects-137-000-school-staff-accounts/

Share This Article
X LinkedIn WhatsApp
← Previous Post Maine Shuts Down Data Breach Portal Over Fake Submissions Next Post → OptinMonster WordPress Plugin Hacked

Weekly Newsletter

Curated data breach news delivered to your inbox every week.