Infinite Campus warned customers of a data breach after an extortion attempt by the ShinyHunters group, which claims to have accessed an employee’s Salesforce account. The company says most exposed records were publicly available directory information, will not negotiate with the attacker, and has disabled some customer-facing services while scanning for affected Salesforce data. #ShinyHunters #InfiniteCampus
Keypoints
- ShinyHunters claims to have accessed an Infinite Campus employee’s Salesforce account during an extortion attempt.
- Infinite Campus notified customers of the breach but has not issued a public statement.
- The company says exposed data was mostly publicly available directory information and that no customer databases were accessed.
- Infinite Campus refused to negotiate with the attacker after being given a deadline to initiate contact.
- The firm disabled certain customer-facing services for users without IP restrictions and is scanning Salesforce data while contacting potentially impacted districts.