Geo
Jun 17, 20261
59%
Cybercriminal Groups Intensify Attacks on Education Sector, Breaching Thousands of Accounts
Cybercriminal groups ShinyHunters and FulcrumSec have launched major attacks on educational institutions, breaching over 137,000 school staff accounts through the Infinite Campus system and disrupting operations at the Global Schools Foundation across multiple countries. The incidents highlight the education technology sector's vulnerability to sophisticated cyber threats and data exfiltration attacks.
Quick Facts
Who
Resecurity
What
Cybercriminal groups targeted educational institutions
When
March 2026 - Infinite Campus data theft attack
Where
Glendale Community College
- Cybercriminal groups targeted educational institutions
- Data breach via Salesforce affecting Infinite Campus
- Ransomware attack on Global Schools Foundation
- Personal information stolen from school staff accounts
- Disruption of educational services across multiple countries
The education technology sector is facing an escalating cybersecurity crisis, according to a warning from Resecurity. Cybercriminal groups including ShinyHunters and FulcrumSec have launched sophisticated attacks against educational institutions, exploiting vulnerabilities in widely used systems and exposing sensitive data belonging to students, staff, and administrators.
ShinyHunters has claimed responsibility for breaching multiple educational institutions in June 2026, including Glendale Community College, Moody Bible Institute, Illinois Central College, and Houston City College. The group exploited vulnerabilities in the Infinite Campus K-12 student information system during a Salesforce data theft attack in March 2026, stealing personal information from more than 137,000 school staff accounts. Infinite Campus, which serves over 3,200 school districts across the United States and manages data for 11 million students in 46 states, has emerged as a critical target due to its widespread adoption in the education sector.
In a separate incident, the ransomware group FulcrumSec claimed responsibility for a major attack on the Global Schools Foundation (GSF), an international network of educational institutions headquartered in Singapore. The attack, which occurred in early June 2026, resulted in significant data exfiltration from critical systems and disrupted operations across GSF's schools in multiple countries, preventing students and staff from accessing essential services.
These incidents underscore the growing sophistication of cyber extortion tactics targeting the education sector and the sector's vulnerability to coordinated attacks on widely used platforms. Security experts warn that educational institutions remain attractive targets for cybercriminals due to the sensitive nature of student and staff data and the critical infrastructure they maintain.
Why This Matters
Education institutions worldwide are increasingly targeted by sophisticated cyber extortion groups due to the sensitive nature of student and staff data they hold. These breaches disrupt critical services, compromise personal information of millions, and demonstrate that widely-adopted education platforms require immediate security hardening. For schools, students, and parents, this underscores the urgent need for enhanced cybersecurity investment and incident response protocols to protect both operations and privacy.
Timeline & Sources
Jun 1, 2026
WireFulcrumSec launched ransomware attack on Global Schools Foundation
Jun 16, 2026
WireShinyHunters announced new victims from educational institutions including Glendale Community College and Moody Bible Institute
Jun 17, 2026
WireResecurity published warning about escalating EdTech sector cyberattacks