7-Eleven Data Breach Exposes Personal Information of 185,000 People
The ShinyHunters extortion gang stole the personal information of over 183,000 people after hacking the systems of convenience store chain giant 7-Eleven in April, according to data breach notification service Have I Been Pwned.
7-Eleven, founded in 1927, operates, franchises, and licenses more than 86,000 stores worldwide, including 13,000 stores in the U.S. and Canada. The company also operates and franchises Speedway, Stripes, Laredo Taco Company, and Raise the Roost Chicken and Biscuits locations, and its 7Rewards and Speedy Rewards loyalty programs have over 100 million members.
Notification of the Breach
The company revealed in data breach notification letters sent to affected customers on May 1 that attackers stole the data of an undisclosed number of individuals after gaining access to some 7-Eleven systems in early April. According to 7-Eleven, "We recently discovered that on April 8, 2026, an unauthorized third party gained access to certain 7-Eleven systems used to store franchisee documents."
While 7-Eleven has not attributed the attack to a specific hacking group or threat actor and has not shared further details on the incident, the ShinyHunters extortion gang claimed responsibility for the attack on April 17. The cybercriminals claimed to have stolen over 600,000 records containing corporate data and personally identifiable information after breaching 7-Eleven's Salesforce environment.
Leaked Data and Affected Individuals
Have I Been Pwned analyzed the data leaked by the cybercrime group and said the breach exposed the data of 185,300 people, including names, dates of birth, unique email addresses, phone numbers, and physical addresses. "The incident exposed 185k unique email addresses, along with names, physical addresses, dates of birth and phone numbers. A small number of records also contained additional exposed data fields," it said.
A 7-Eleven spokesperson didn't reply when BleepingComputer reached out to confirm ShinyHunters' claims and share the number of affected individuals. However, the company advised that the breach was limited to 'certain 7-Eleven systems used to store franchisee documents,' a statement consistent with the exposed data.
Previous Attacks and ShinyHunters' Activities
7-Eleven Denmark also confirmed it was the victim of a ransomware attack in August 2022, after the attackers encrypted some of its systems and forced the chain to shut down 175 stores. ShinyHunters has been targeting Salesforce customers for the past year and breached hundreds of companies, claiming they've stolen billions of records in the Salesforce Aura data theft attacks and the Salesloft Drift campaign.
Other breaches recently claimed by ShinyHunters include the European Commission, video service Vimeo, Spanish fast-fashion retailers Zara and MANGO, edtech giant McGraw-Hill, home security giant ADT, medical device maker Medtronic, PornHub, Rockstar Games, online dating giant Match Group, as well as tech giants Cisco and Google.
FBI Warning and Recommendations
Two weeks ago, the FBI advised ShinyHunters' victims not to give in to the threat actors' demands, after previously warning that paying ransoms does not guarantee that threat actors won't attempt to sell the stolen data to other cybercriminals or extort the victims again.
In light of this breach and others like it, it is essential for companies to prioritize their cybersecurity measures and take proactive steps to protect their customers' personal information.
Source: BleepingComputer