EdTech Faces a Cybersecurity Crisis: Data Breaches Surge

EdTech firms face rising cyberattacks as ShinyHunters and FulcrumSec target schools, exposing sensitive data and disrupting services.

Resecurity (USA) warns the education technology (EdTech) sector has become a prime target for cybercriminals, as attacks against educational institutions and related platforms continue to escalate. Recent high-profile incidents, including attacks by groups such as ShinyHunters and FulcrumSec, highlight the vulnerability of educational organizations and the increasing sophistication of cyber extortion tactics.

Today (June 16, 2026) — ShinyHunters announced new victims, including, but not limited to Glendale Community College, Moody Bible Institute, Illinois Central College, Houston City College. The gang also stole personal information from more than 137,000 school staff accounts in a Salesforce data theft attack that targeted the widely used Infinite Campus K-12 student information system in March. Infinite Campus is an education technology (EdTech) company that provides a student information system (SIS) to over 3,200 school districts across the United States, managing data for 11 million students in 46 states.

In another devastating incident, the group FulcrumSec has claimed responsibility for a massive ransomware attack targeting the Global Schools Foundation (GSF), an international network of educational institutions headquartered in Singapore. The attack, which occurred in early June 2026, resulted in large-scale data exfiltration from critical systems across GSF’s schools in multiple countries, disrupting operations, and leaving students and staff unable to access essential services.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, EdTech Faces)