Infinite Campus said an unauthorized actor accessed an employee’s Salesforce account on March 18 and that the company disabled certain customer-facing services as a precaution while it investigated an extortion demand.
Infinite Campus, based in Blaine, Minnesota, is a student information system provider founded in 1993. The company says it serves more than 3,200 districts, supports 11 million students in 46 states and employs more than 650 people. Its platform handles attendance, grades, scheduling and parent-facing records access, making even short disruptions significant for school operations.
BleepingComputer reported Tuesday that Infinite Campus warned customers of a data breach after an extortion attempt. According to the customer notice it reviewed, hackers accessed an employee’s Salesforce account, and the company said the exposed information was mostly publicly available names and contact details for school staff. Infinite Campus said it would not negotiate.
The company said its investigation indicates the actor did not access customer databases. It also said it promptly disabled certain customer-facing services for customers without IP address restrictions and that support teams were helping affected districts reactivate those services.
Those steps overlapped with visible disruption signals at school districts. Washoe County School District posted a service alert at 8:14 a.m. March 19 saying Infinite Campus was “experiencing outage with many reports,” then said at 12:11 p.m. that the reporting issue had been resolved. Madison Metropolitan School District separately told users its Infinite Campus system would be “completely inaccessible” March 25 and 26 during a required managed-services upgrade scheduled for spring break.
School IT workers also discussed technical problems in public forums around the same time. In posts reviewed by DysruptionHub, users described broken ODBC connections, SQL or database-access changes, and scripts disrupted by lost access. Those posts do not independently confirm the scope of the incident, but they are consistent with administrators publicly describing workflow and access problems while Infinite Campus says some services were disabled as a precaution.
Chip in once
If this reporting helped you, a one-time tip helps cover hosting, tools and future investigations.
Support us monthly
A small monthly pledge keeps independent coverage and our reader tools online for everyone.
The incident also followed a public extortion claim. A ransomware.live listing for “Infinite Campus, Inc.” said Salesforce records containing personally identifiable information and internal corporate data had been compromised and warned the company to make contact by March 25. Infinite Campus did not identify the actor by name in its customer notice, but said the intruder claimed to be part of a group known for targeting Salesforce accounts at hundreds of companies.
The incident emerged during a broader campaign targeting Salesforce environments. Google Threat Intelligence said in January that ShinyHunters-branded activity had expanded through voice phishing, theft of single sign-on credentials and multi-factor authentication codes, followed by SaaS data theft for extortion. FINRA said March 7 that Salesforce had reported active exploitation of misconfigured Experience Cloud guest-user profiles to gain unauthorized access to organizational data.
That backdrop does not show Infinite Campus was compromised through the same method. But it places the company’s confirmed Salesforce account intrusion and extortion demand within a documented campaign affecting Salesforce-connected environments at the same time districts were reporting service issues and administrators were discussing database-access problems.
Recent incidents involving school technology vendors have shown how quickly provider security and availability problems can spill into district operations. PowerSchool disclosed in January 2025 that attackers had exfiltrated personal information from parts of its student information system, while Finalsite’s October 2025 outage disrupted school messaging and alerts in multiple states. The Infinite Campus incident fits that broader pattern: when a widely used education vendor falters, schools can feel the effects before the full scope is clear.
For schools, the immediate question is narrower than the extortion post itself. Infinite Campus says customer databases were not accessed, but districts still need to know how many systems were affected by the precautionary shutdowns, which functions were interrupted, and whether further hardening or restoration work lies ahead. For a platform woven into daily K-12 operations, those answers matter as much as the breach claim.
