Back to news
Cybersecurity Alert
July 5, 2026 by EmailMeNow IT Consulting

Was Infinite Campus Breached? We Scanned Their Domain Security

Infinite Campus appears on Have I Been Pwned with 137,123 accounts after a ShinyHunters Salesforce extortion leak. Independent audit scores infinitecampus.com at 50% with 5% identity spoofing.

Source: Have I Been Pwned

NewsData BreachShinyHuntersSalesforceEducationTexasCybersecurity
Student information system vendor targeted by ShinyHunters Salesforce data breach

Yes — Infinite Campus (infinitecampus.com) was breached. The K–12 student information system (SIS) vendor now appears on Have I Been Pwned with 137,123 accounts from a March 2026 ShinyHunters “pay or leak” extortion campaign.

HIBP added the breach on June 15, 2026. Published data allegedly includes email addresses, names, phone numbers, physical addresses, and support tickets — largely reflecting school staff directory information, according to Infinite Campus notifications cited by HIBP.

We scanned infinitecampus.com to assess email and domain security posture relevant to districts across Texas and nationwide.

What Happened

According to Have I Been Pwned:

  • March 2026 — ShinyHunters targeted Infinite Campus in a pay-or-leak extortion campaign.
  • The group published data it claimed was taken from the company’s systems.
  • 137,123 unique email addresses were exposed, along with names, phone numbers, physical addresses, and support tickets.
  • Infinite Campus notified affected parties, advising that exposed data largely consisted of school staff names and contact information — much of it directory data commonly published on district websites.
  • HIBP added the breach on June 15, 2026.

Infinite Campus serves hundreds of school districts nationwide. Even “directory” staff data combined with support tickets can fuel spear-phishing against principals, registrars, and IT admins with SIS access.

Illustration: ShinyHunters pay-or-leak extortion against student information system Salesforce data

Breach Impact at a Glance

FieldDetail
VictimInfinite Campus (infinitecampus.com)
SectorK–12 student information systems (edtech)
Threat actorShinyHunters
Accounts affected137,123
Breach periodMarch 2026
Added to HIBPJune 15, 2026
Data typesEmails, names, phones, addresses, support tickets
Primary exposureSchool staff directory & contact info

Data at Risk

Exposed records may include:

  • School staff email addresses and phone numbers
  • Names and physical addresses for district employees
  • Support tickets that may reference district-specific technical issues
  • Contact graphs linking Infinite Campus support staff to district IT admins

Texas districts should treat this as a supply-chain exposure — compromised vendor contact data can precede phishing against district SIS administrators. See our Texas ISD ransomware tracker.

Illustration: school staff directory contact information exposed from SIS vendor breach

Independent Cybersecurity Audit

We ran an EmailMeNow Cybersecurity Audit of infinitecampus.com on July 5, 2026:

DomainOverallIdentityTransportWebsiteRisk
infinitecampus.com50%5%15%92%Average

Key findings:

  • 50% overall (Average) — below the 100% ideal for an edtech vendor holding district relationship data.
  • 5% Identity & Spoofing — critically weak DMARC/SPF posture; spoofed @infinitecampus.com password-reset and support messages are far easier to deliver to district staff.
  • 15% Transport Security — no effective MTA-STS enforcement or TLS-RPT reporting.
  • 92% Website Security — strong public-site headers, but email identity failure is the dominant gap.

For Texas ISDs relying on Infinite Campus, 5% identity spoofing on the vendor domain is a serious post-breach concern — attackers with staff emails can pair them with convincing forged vendor messages.

Audit link: infinitecampus.com audit

Priority Actions

For district IT and school staff:

For edtech vendors:

  • Deploy DMARC p=reject on all customer-facing mail domains immediately.
  • Audit Salesforce integrations, API tokens, and admin MFA — the common ShinyHunters entry path in this wave.

Sources: HIBP — Infinite Campus · EmailMeNow audit — infinitecampus.com