Infinite Campus, a student information system used by more than 3,200 school districts serving 11 million students across 46 US states, has confirmed a data breach. The ShinyHunters hacking group broke into the company’s Salesforce environment in March 2026 and stole a 1.2 GB archive of records. The breach was later surfaced by the breach-tracking site Have I Been Pwned, which confirmed that 137,100 unique accounts were affected.
The exposed data includes names, email addresses, phone numbers, physical addresses, job titles, and support ticket records — all belonging to school staff rather than students. Infinite Campus says most of the information is the kind of directory data already publicly listed on school websites, and that there is no evidence student databases were touched. Still, anyone whose information was included could face phishing emails or phone calls from criminals impersonating school technology vendors or district administrators.
How to check if you’re affected
Affected products include the Infinite Campus student information system (SIS). If you work in school administration at any Infinite Campus partner district in the US, your contact information may have been exposed. You can check whether your email address appeared in this breach by visiting Have I Been Pwned and entering your work email.