The ShinyHunters extortion gang stole personal information from over 137,000 school staff accounts through a Salesforce-based attack on Infinite Campus, a widely used K-12 student information system. The breach occurred in March.
Infinite Campus, a critical platform managing student records for thousands of schools across North America, fell victim to a data theft targeting its Salesforce infrastructure. ShinyHunters, an established extortion operation, accessed sensitive personal information belonging to school employees during the attack.
The breach highlights vulnerabilities in widely-adopted educational technology systems that handle confidential student and staff data. Infinite Campus serves as a central repository for administrative information at many K-12 institutions, making it an attractive target for threat actors seeking high-value data.
Affected staff members face risks of identity theft and fraudulent activity, given the personal information exposed in the attack. Schools relying on the platform have begun notifying impacted employees and offering credit monitoring services.
The incident adds to a growing list of breaches targeting critical infrastructure used by educational institutions. Schools nationwide have increasingly become targets for cybercriminals, with student data and financial systems frequently compromised.
Infinite Campus has not released detailed public statements about the breach's scope or remediation efforts. The company has been working with law enforcement and cybersecurity experts to investigate the incident and prevent further unauthorized access.
ShinyHunters has a history of high-profile attacks, including previous breaches at major retailers and service providers. The group typically steals data and demands ransom payments, threatening to sell or release information publicly if demands are not met.
Schools and districts using Infinite Campus are advised to strengthen authentication protocols, monitor for unauthorized access, and review account activity for suspicious behavior. Educational institutions should also consider implementing additional security measures around sensitive staff and student data.
The breach underscores the need for robust security practices among vendors serving the education sector, where budget constraints often limit cybersecurity investments.
Employees are increasingly building automations and applications using AI tools outside traditional security channels. CISOs now face governance challenges as shadow tooling and unsupervised code creation expand across organizations.
NewCore has secured $66 million in funding to develop identity and access management systems for AI agents operating as enterprise employees. The startup addresses what it sees as the next critical frontier in enterprise security.
China-linked hackers exploited exposed REDCap servers to deploy InfiniteRed malware and steal sensitive research data from a North American medical institution.
More than two dozen companies, including JPMorgan Chase, are collaborating with Chainguard and cybersecurity firms to identify and fix software vulnerabilities using advanced AI models.