11M Students Potentially Exposed After Infinite Campus Hack

Infinite Campus, a major student information system used by thousands of US schools, has disclosed a data breach reportedly carried out by the hacking group ShinyHunters. Early reports suggest as many as 11 million students could be affected, with investigators working to determine the scope of data accessed.

The company notified customers after detecting unauthorized access and said it is coordinating with law enforcement and cybersecurity specialists. Infinite Campus also stated it will not engage in negotiations or pay ransoms to the attackers, framing the response around containment and forensic investigation.

Details about what specific types of student data were accessed remain limited publicly. In previous incidents tied to similar groups, exposed information has included names, dates of birth, contact details, and sometimes protected education records. School districts using the platform are being advised to review notifications, implement recommended security steps, and prepare for possible outreach to affected families.

ShinyHunters has been tied to multiple high‑profile leaks in recent years, typically publishing or selling stolen data if demands are not met. That history raises the risk that compromised records could appear on illicit forums or be leveraged for identity theft and fraud unless rapidly contained.

For schools and parents, practical steps include monitoring accounts for unusual activity, resetting passwords, enabling multi‑factor authentication where available, and watching for phishing attempts that could follow the breach. Infinite Campus users should follow official communications from their district for guidance on specific remedial actions.

As investigations proceed, regulators and affected institutions will likely evaluate whether data protection practices need strengthening and whether notifications to state or federal agencies are required. The incident underscores the persistent risks facing education technology platforms that hold large-scale personal data.