Infinite Campus Warns of Data Breach After ShinyHunters Claims Theft of Salesforce Records
What Happened — ShinyHunters announced it had accessed an employee’s Salesforce account used by Infinite Campus, exfiltrating staff‑directory information and other publicly‑available data. Infinite Campus notified its customers of the breach and refused to negotiate with the extortionists.
Why It Matters for TPRM —
- Credential compromise of a SaaS platform can expose personally identifiable information (PII) of thousands of educators.
- Extortion attempts create legal, reputational, and financial risk for school districts that rely on the vendor.
Who Is Affected — K‑12 education districts (≈3,200) using Infinite Campus’s student information system; staff members whose contact details were stored in Salesforce.
Recommended Actions — Review the vendor’s Salesforce security controls (MFA, least‑privilege), demand evidence of breach remediation, and update contractual clauses for incident response and data protection.
Technical Notes — Attack vector: stolen Salesforce credentials; data types: names, email addresses, phone numbers (largely public). No customer‑database records were accessed according to the vendor. Source: BleepingComputer