The **ShinyHunters** extortion gang has once again demonstrated its capabilities, this time by stealing personal information from more than 137,000 school staff accounts. The attack targeted the **Salesforce** instance of **Infinite Campus**, a leading education technology (EdTech) company. **Infinite Campus** provides a student information system (SIS) to over 3,200 school districts across the United States, managing data for 11 million students in 46 states. While **Infinite Campus** initially refrained from attributing the incident to a specific hacking group in its March customer notification, it described the attacker as "part of a group known for targeting the **Salesforce** accounts of hundreds of companies." This description aligns with **ShinyHunters**' known modus operandi. **Infinite Campus** informed affected customers that the exposed data primarily consisted of names and contact details for school staff, much of which is publicly available directory information. The company emphasized that there was no evidence of compromise to its core customer databases. However, **ShinyHunters** later claimed responsibility on its data leak site, publishing a 1.2GB archive of documents. This archive allegedly contains **Salesforce** records with personally identifiable information (PII) and other internal corporate data.  Data breach notification service **Have I Been Pwned** analyzed the leaked data, confirming that the breach exposed records from 137,100 accounts. This includes unique names, email addresses, employers, job titles, phone numbers, physical addresses, usernames, and support tickets. "The group subsequently published data they alleged was taken from **Infinite Campus**, containing 137k unique email addresses along with names, phone numbers, physical addresses and support tickets," **Have I Been Pwned** stated. This incident bears a resemblance to the December 2024 **PowerSchool** hack, though the scale of impact differs significantly. The **PowerSchool** breach affected 62 million students, leading to legal action and a four-year prison sentence for the 19-year-old hacker involved. **ShinyHunters** has a documented history of targeting **Salesforce** customers. Over the past year, the group has claimed to have stolen more than 1.5 billion records through campaigns like the **Salesloft Drift** hack and the **Salesforce Aura** campaign. More recently, **ShinyHunters** has taken credit for exploiting a zero-day vulnerability in **Oracle**'s **PeopleSoft** enterprise business software suite. This ongoing campaign has reportedly led to data theft from over 100 organizations, including the **University of Nottingham**.