HomeIntelligenceBrief
BREACH BRIEF🟠 High Breach

Infinite Campus Salesforce Breach Exposes 137,000 K‑12 Staff Records

ShinyHunters accessed Infinite Campus’s Salesforce instance, leaking personal data for over 137,000 school staff. The breach underscores the need for robust SOC 2 access‑control practices and continuous audit evidence.

LiveThreat™ Intelligence · 📅 June 15, 2026· 📰 bleepingcomputer.com
🟠
Severity
High
BR
Type
Breach
🎯
Confidence
High
🏢
Affected
1 sector(s)
Actions
4 recommended
📰
Source
bleepingcomputer.com

Infinite Campus Salesforce Breach Exposes 137,000 K‑12 Staff Records

What Happened — In March 2026 the ShinyHunters extortion gang breached the Salesforce instance that powers Infinite Campus’s student‑information system. A 1.2 GB archive containing names, email addresses, phone numbers, physical addresses, job titles and support‑ticket data for ≈ 137 k staff accounts was leaked. Infinite Campus confirmed the data was limited to staff directory information and found no evidence of student‑record compromise.

Why It Matters for Compliance & Audit Readiness

  • The incident is a textbook example of a credential‑access failure that SOC 2 CC6.1 (Logical Access) is designed to prevent and document.
  • Continuous monitoring of privileged SaaS accounts and immutable audit logs become critical evidence that your organization enforces “least‑privilege” and MFA controls.
  • Demonstrating up‑to‑date access‑control policies and security‑awareness training satisfies both the “Security” and “Availability” trust principles during a SOC 2 audit.

Who Is Affected — K‑12 school districts, EdTech SaaS providers, and any organization that integrates staff data into a shared Salesforce environment.

Recommended Actions

  • Map the breach to SOC 2 CC6.1 and verify that MFA is enforced for all Salesforce admin and service accounts.
  • Deploy real‑time monitoring of Salesforce login activity and set alerts for anomalous access patterns.
  • Refresh security‑awareness training focused on credential phishing and SaaS‑account hygiene for privileged users.
  • Collect and retain logs, MFA enforcement records, and policy updates as audit‑ready evidence.

Technical Notes — Attack vector: compromised Salesforce credentials (likely via phishing or credential reuse). Data types: personally identifiable information (PII) of staff (names, emails, phone numbers, addresses, job titles, support tickets). Source: BleepingComputer

📰 Original Source
https://www.bleepingcomputer.com/news/security/infinite-campus-data-breach-affects-137-000-school-staff-accounts/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Could you prove your access controls held up here?

Credential and access failures map directly to SOC 2 access-control criteria. The Verisq AI Trust Operations platform shows where your evidence is thin before an auditor — or an attacker — finds out.

Explore the Verisq AI Trust Operations platform →