TL;DR: On March 18, 2026, hackers breached an employee's Salesforce account at Infinite Campus, the company that manages student data for 11 million kids across 3,200 school districts in 46 states. On March 22, ShinyHunters posted a ransom demand on their dark web site. On March 25, they issued a "final warning." Infinite Campus says only staff contact information was accessed: stuff that's mostly public anyway. They're refusing to pay. The hackers claim they have more. If your child uses Infinite Campus, watch for what happens next.

The Timeline

Here's how fast this moved:

  • March 18, 2026: Hackers access an employee's Salesforce account at Infinite Campus [1]
  • Same day: Internal security flags suspicious activity. IT and security teams boot the attacker [2]
  • March 22: ShinyHunters posts a claim on their Tor site: they breached Infinite Campus and stole data [1]
  • March 24: ShinyHunters issues "final warning": pay up by March 25 or the data gets dumped [2]
  • March 25: Infinite Campus confirms the breach, says no student data was accessed, refuses to negotiate [1]

Credit where it's due: Infinite Campus detected this breach the same day it happened. That's rare. Most companies take months. TriZetto took 10 months to notice hackers in their systems.

Who Is Infinite Campus?

Infinite Campus is the largest American-owned K-12 student information system. If you have kids in public school, there's a decent chance their grades, attendance, health records, disciplinary history, and personal information flow through Infinite Campus servers.

The numbers:

  • 11 million students
  • 3,200 school districts
  • 46 states

Parents use Infinite Campus portals to check grades, update emergency contacts, and view attendance. Teachers use it to track everything. That's a lot of data about a lot of kids.

What ShinyHunters Claims vs. What Infinite Campus Says

The stories don't match.

ShinyHunters claims: They stole Salesforce records containing personally identifiable information and internal corporate data [1]. They want money to not leak it.

Infinite Campus says: According to their investigation, no customer databases were accessed. The exposed data "consists of names and contact details for school staff and information that is commonly available publicly" [2].

Translation: Infinite Campus is betting the hackers are bluffing. They caught the intrusion fast. They believe the attackers only grabbed low-value data before getting kicked out.

ShinyHunters doesn't bluff often. This is the group that hit AT&T, Ticketmaster, DoorDash, Grubhub, Betterment, Crunchyroll, and dozens of others. When they claim a breach, they usually have the goods.

The Salesforce Connection

This is another Salesforce supply chain attack. ShinyHunters has been running this playbook since late 2025:

  1. Compromise OAuth tokens from SaaS vendors like Salesloft and Drift
  2. Use those tokens to access customer Salesforce instances
  3. Exfiltrate data from high-value targets
  4. Show up with ransom demands

The FBI issued a warning about this campaign in September 2025. More than 760 companies have been hit through compromised Salesforce integrations. Schools are now on the target list.

Infinite Campus Won't Pay

From their statement: Infinite Campus "will not engage with the attacker" [1].

That's the right call. Paying ransoms funds more attacks and doesn't guarantee data won't be leaked anyway. But it means whatever ShinyHunters has (if they have anything beyond staff directories) is likely going public.

The company says it's contacting affected school districts with guidance. If you're a parent or school administrator, watch for communications from Infinite Campus or your district.

What's Actually at Risk?

If Infinite Campus is telling the truth, the damage is limited:

  • Names and emails of school staff (often public anyway)
  • Contact information that's on school websites
  • Internal Salesforce records about sales and customer relationships

If ShinyHunters has more than they're letting on, it could include:

  • Student records (grades, attendance, disciplinary notes)
  • Parent/guardian contact information
  • Health and emergency contact data
  • Social Security numbers (some districts store these)

We don't know yet which story is true. The next few days will tell us.

What Parents Should Do

  • Don't panic yet. Infinite Campus detected this fast and claims student data wasn't accessed. That may be true.
  • Watch for notifications. If your school district uses Infinite Campus, wait for official communications about whether your child's data was involved.
  • Freeze your child's credit. If you haven't already, consider freezing your children's credit reports with all three bureaus. Kids' Social Security numbers are prime targets for identity theft because the fraud can go undetected for years.
  • Be skeptical of emails. If ShinyHunters does leak school staff data, expect phishing campaigns targeting parents. "Your child's records need verification" emails are coming.
  • Ask your school district questions. What data does Infinite Campus store? Is it encrypted? What's their breach notification policy?

ShinyHunters' Growing Scoreboard

Infinite Campus joins a long list of 2025-2026 ShinyHunters victims.

The group shows no signs of slowing down. They found a vulnerability in the Salesforce ecosystem and they're milking it.

The Bottom Line

A company holding data on 11 million American students got hacked. They say they caught it fast and the damage is minimal. Hackers say otherwise. Someone's wrong.

Either way, this is what happens when schools outsource student data to cloud vendors. The security of your kid's records depends on whether some random employee at a software company clicks a phishing link. That's the system we've built.

Watch for updates. If ShinyHunters posts a leak, we'll know what they actually got. If they go quiet, Infinite Campus was probably right. The next 72 hours will tell us which story holds.

Sources

  1. Cybernews: Hacker group breached Infinite Campus, school software used by 11 million students (March 2026)
  2. Cyber Insider: Infinite Campus discloses Salesforce breach as ShinyHunters claims data theft (March 2026)
  3. DataBreaches.net: Infinite Campus Security Incident: No Impact to Student Data According to Infinite Campus (March 25, 2026)
  4. Security Boulevard: Infinite Campus Warns of Breach After ShinyHunters Claims Data Theft (March 2026)