GoKawiilInfinite Campus, a widely used K-12 student information system, is warning customers of a data breach following an extortion attempt by a threat actor.
In the breach notification sent to customers, Infinite Campus states that hackers accessed an employee's Salesforce account, exposing information that was mostly publicly available.
The company has not published an official statement, but customers reported the incident on various public platforms.
The notification comes shortly after the data extortion group ShinyHunters claimed the attack and posted a “final warning” on its dark web site yesterday, threatening to leak all data allegedly stolen from Infinite Campus.
The hackers gave the company until March 25 to initiate contact and negotiate a ransom to prevent a data leak. However, Infinite Campus said that it will not engage with the attacker.
ShinyHunters claims to have stolen Salesforce records containing personally identifiable information (PII) and various internal corporate data.
ShinyHunters lists Infinite Campus on its dark web site
Source: BleepingComputer
Infinite Campus is a U.S.-based education technology (EdTech) company that provides a student information system (SIS) to more than 3,200 school districts in the United States. Currently, its software applications manage data of 11 million students in 46 states.
Although Infinite Campus did not name ShinyHunters as the threat actor, it described the intruder as “part of a group known for targeting the Salesforce accounts of hundreds of companies.”
... continue reading