- Infinite Campus hit by ShinyHunters via Salesforce account breach
- Names and staff contact information stolen; customer data unaffected
- The group added business to the leaked site and demanded a ransom by March 25 amid a broader Salesforce targeting campaign
Popular student information system (SIS) Infinite Campus has confirmed that it is suffering a data breach at the hands of the infamous ShinyHunters group, who are now trying to extort money from the company.
In a data breach notification letter shared with affected individuals and subsequently posted on Reddit, Infinite Campus said an unauthorized actor gained access to an employee’s Salesforce account on March 18, 2026, but was quickly deposed after IT and security teams were alerted.
Before they were forced out, however, the attacker managed to get hold of the names and contact details of the school’s staff. Infinite Campus says most of the data it captured “is commonly found on school websites” and customer information was not targeted or stolen.
The article continues below
ShinyHunters takes the blame
While the organization did not name the perpetrators, it said they are a “group which did not stop the attackers from reaching out and trying to extort money from the organization. “Infinite Campus has not, and will not, engage with the unauthorized actor,” it said, before adding that it disabled some customer-facing services for users without IP addresses.
own to target hundreds of companies’ Salesforce accounts,” ShinyHunters suggests.
At the same time, the group added Infinite Campus to its data leak page, giving a March 25, 2026 deadline for payment or it would release all the stolen files on the dark web.
They claim to have taken Salesforce records with personally identifiable information (PII) and various internal company data.
ShinyHunters has been running campaigns against Salesforce customers for months now, with victims including Cisco, Adidas, Qantas and Allianz Life.
In the attackers would use voice phishing (vishing) to trick employees into providing access or steal OAuth tokens, and would then use the access to exfiltrate CRM data. The data is then offered back in exchange for bitcoin or monero.
Via Bleeping Computer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
