Find notable cyber news and cases, enriched with sources, timelines, and signals.

Infinite Campus Salesforce records theft claim

Data Leak
First reported
Last updated
Happening score
H score 88
1 unique sources, 2 articles

Summary

Hide ▲

Data leak activity tied to Infinite Campus intensified after ShinyHunters claimed responsibility for a March Salesforce theft and published a 1.2GB archive alleged to contain records from the company’s environment. Reported exposure includes information for more than 137,000 school staff accounts, with Have I Been Pwned saying the dump contains 137,100 accounts and data such as names, email addresses, phone numbers, physical addresses, usernames, and support tickets. Infinite Campus said the accessed material was mostly directory information and that it had no evidence customer databases were compromised. The event affects an EdTech provider used by 3,200+ school districts serving 11 million students across the United States.

Related Happenings

Infinite Campus hit by data theft breach linked to ShinyHunters

Incident
H score51 First: 15.06.2026 15:38 Last: 15.06.2026 15:38 Sources 1

How related: The ShinyHunters extortion gang stole personal information from more than 137,000 school staff accounts in a Salesforce data theft attack that targeted the widely used Infinite Campus K-12 student information system in March.

About this happening: **Infinite Campus** suffered a **Salesforce data theft breach** that exposed **more than 137,000 school staff accounts**, putting staff contact and account data at risk. The compr...

Council of Europe ShinyHunters data leak claim

Data Leak
H score82 First: 15.06.2026 13:44 Last: 15.06.2026 13:44 Sources 1

About this happening: **ShinyHunters** has posted the **Council of Europe** on a **Tor-based leak site**, claiming a data theft that could expose **more than 297 GB** and **over 429,000 files**. The al...

University of Nottingham hit by cyberattack

Incident
H score68 First: 11.06.2026 10:27 Last: 11.06.2026 10:27 Sources 1

About this happening: **ShinyHunters**/**UNC6240** exploited **CVE-2026-35273**, a **zero-day** in **Oracle PeopleSoft Enterprise PeopleTools**, between **May 27 and June 9** to breach enterprise syste...

Nottingham University data publication on ShinyHunters leak site

Data Leak
H score68 First: 10.06.2026 21:31 Last: 10.06.2026 21:31 Sources 1

About this happening: **Nottingham University** data was published on the **ShinyHunters** leak site after the group claimed access to the university’s **student records system**. The exposed material...

ShinyHunters Oracle PeopleSoft data theft and extortion campaign

Campaign
H score60 First: 10.06.2026 21:31 Last: 10.06.2026 21:31 Sources 1

About this happening: **ShinyHunters**/**UNC6240** used **CVE-2026-35273** in **Oracle PeopleSoft Enterprise PeopleTools** as a **zero-day** to break into exposed systems, steal data, and extort victim...

Latest development: 29.06.2026 23:40

Nissan says attackers exploited an Oracle PeopleSoft vulnerability in a ShinyHunters-linked campaign and that the company was specifically targeted, with personal information for current and former employees in the United States, Canada, Mexico, and Brazil potentially exposed. Nissan says the material may include employee contact information, banking information, Social Security numbers, Social Insurance Numbers, National Identification Numbers, financial and tax information, and dependent and beneficiary information, and the company has activated incident response, engaged external cybersecurity experts, secured affected systems, and is working with Oracle.

Timeline

  1. 24.03.2026 15:48 2 articles · 3mo ago

    ShinyHunters claims Infinite Campus Salesforce records and threatens leak

    Untyped Phase

    ShinyHunters claimed it stole Salesforce records tied to Infinite Campus, including personally identifiable information and internal corporate data, and posted a dark web “final warning” threatening to leak the material unless contact was made by March 25.

    Show sources
  2. 24.03.2026 15:48 2 articles · 3mo ago

    Infinite Campus warns customers and disables some services

    Initial Disclosure

    Infinite Campus warned customers that hackers accessed an employee's Salesforce account, said the exposed material was mostly publicly available directory information and that no customer databases were accessed, stated it would not engage with the attacker, disabled certain customer-facing services for users without IP address restrictions, and began scanning Salesforce data while contacting potentially impacted districts.

    Show sources