Infinite Campus Breach Exposes 137,000 Staff Accounts — What Is A Data Breach

Infinite Campus exposed personal information from more than 137,000 school staff accounts. The breach followed a compromise of the company’s Salesforce environment, and the stolen records were later leaked online. For schools that rely on the platform, what is a data breach is no longer an abstract question; it is now a live question about staff data.

137k email addresses leaked

Have I Been Pwned said the leaked dataset contained 137k unique email addresses, names, phone numbers, physical addresses and support tickets. Those fields are enough to turn a routine account exposure into a broader privacy problem for staff members whose contact details may now circulate beyond school systems.

Infinite Campus reaches 3,200 districts

Infinite Campus serves more than 3,200 school districts across 46 states, and it supports approximately 11 million students. That scale makes the breach more than a single-company problem, because the same student information system sits inside district operations that handle staff records, support requests and everyday administration.

Schools face cloud risk

The incident shows the cybersecurity risk schools take on when they rely on third-party cloud platforms to manage sensitive operational data. A Salesforce environment can hold far more than login credentials, which means one intrusion can expose names, contact details and internal support tickets at the same time.

For affected staff, the practical move is to treat any unexpected email or phone contact with caution and to review accounts that may reuse the same credentials or contact details. The unresolved issue is how many districts were touched by the leaked records and whether any further data from the Salesforce environment will surface.