u/KAPsiZE00

ShinyHunters Hits: Follett

The ShinyHunters claim against Follett Software deserves more K–12 attention.

As of now, the Follett incident appears to be an unverified threat-actor claim, not a fully confirmed breach. Multiple breach-intel sites report that ShinyHunters listed Follett Software around April 30–May 1, alleging access to 4M+ Salesforce records containing PII and internal corporate data. I have not found a public confirmation from Follett, Salesforce, or law enforcement.

The bigger story is the pattern: ShinyHunters has been repeatedly targeting education and edtech, especially SaaS/Salesforce-connected environments. That matters for K–12 because vendors like Follett sit close to student, staff, library, asset, and district operational data.

Is the lack of press because of the Canvas breach? Canvas/Instructure has dominated headlines because it involved nearly 9,000 institutions, claimed 275M users, service disruption during finals, and an announced agreement with the hackers.

But Follett still matters. Districts should not wait for national coverage before asking vendors hard questions:

What data was accessed?
Were student or staff records involved?
Was Salesforce or a third-party integration the entry point?
What logs were reviewed?
Will districts receive formal breach notifications?
What indicators of compromise can customers monitor?

K–12 cannot treat vendor breaches as background noise anymore. The attack surface is now the ecosystem.

u/KAPsiZE00 — 1 day ago