- Infinite Campus Hit by ShinyHunters via Salesforce Account Breach
- Staff names and contact details stolen; customer data is not affected
- Group added company to leak site, demanding ransom by March 25 as part of broader Salesforce targeting campaign
Popular student information system (SIS) Infinite Campus has confirmed that it suffered a data breach from the infamous ShinyHunters group, which is now trying to extort money from the company.
In a data breach notification letter, shared with affected individuals and then posted to Reddit, Infinite Campus said an unauthorized actor accessed an employee’s Salesforce account on March 18, 2026, but was quickly ousted after IT and security teams were alerted.
However, before they were expelled, the attacker managed to capture the names and contact details of school staff. Infinite Campus claims that most of the data collected is “commonly found on school websites” and that customer information has not been targeted or stolen.
Article continues below
The ShinyHunters take responsibility
While the organization did not name the perpetrators, it said it was a “kn group.” That didn’t stop the attackers from reaching out and trying to extort money from the organization. “Infinite Campus has not and will not collaborate with the unauthorized actor,” it said, before adding that it has disabled some customer-facing services for users without an IP address.
clean to target the Salesforce accounts of hundreds of companies,” which alludes to ShinyHunters.
At the same time, the group added Infinite Campus to its data leak site, setting a payment deadline of March 25, 2026, or risk publishing all stolen files on the dark web.
They claim to have taken Salesforce records containing personally identifiable information (PII) and various internal company data.
ShinyHunters has been running campaigns against Salesforce customers for several months now, with Cisco, Adidas, Qantas and Allianz Life among its victims.
Attackers would use voice phishing (vishing) to trick employees into granting access or stealing OAuth tokens, then use the access to exfiltrate CRM data. The data is then returned in exchange for Bitcoin or Monero.
Via BeepComputer
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
