26.05.2026
4 min
190
7-Eleven has confirmed a massive data breach following a cyberattack by the ShinyHunters group, which exposed the personal information of more than 185,000 people.
According to data breach notification service Have I Been Pwned, the ShinyHunters extortion gang stole personal information belonging to more than 183,000 people after breaching systems belonging to retail giant 7-Eleven in April.
Founded in 1927, 7-Eleven now operates, franchises, and licenses more than 86,000 stores worldwide, including around 13,000 locations across the United States and Canada. The company also runs and franchises Speedway, Stripes, Laredo Taco Company, and Raise the Roost Chicken and Biscuits. Its 7Rewards and Speedy Rewards loyalty programs together have more than 100 million members.
In breach notification letters sent to affected customers on May 1, the company said attackers gained access to some 7-Eleven systems in early April and stole data belonging to an undisclosed number of individuals.
“We recently discovered that on April 8, 2026, an unauthorized third party gained access to certain 7-Eleven systems used to store franchisee documents,” the company said.
While 7-Eleven did not officially attribute the attack to any specific threat group and shared very few technical details about the incident, the ShinyHunters extortion group claimed responsibility for the breach on April 17.
The cybercriminals said they stole more than 600,000 records containing corporate data and personal information after compromising 7-Eleven’s Salesforce environment. After the company allegedly refused to pay a ransom in exchange for deleting the stolen data, the group published a 9.4 GB archive of documents on its dark web leak site.
Although a 7-Eleven spokesperson did not respond to requests for comment regarding the ShinyHunters claims or the number of affected individuals, Have I Been Pwned analyzed the leaked data published by the cybercrime group and said the breach exposed information belonging to 185,300 people, including names, dates of birth, unique email addresses, phone numbers, and physical addresses.
“The incident exposed 185k unique email addresses, along with names, physical addresses, dates of birth, and phone numbers. A small number of records also contained additional exposed data fields,” the notification states. “The company later confirmed the breach was limited to ‘certain 7-Eleven systems used to store franchisee documents,’ which aligns with the exposed data.”
Over the past year, ShinyHunters has aggressively targeted Salesforce customers and breached the systems of hundreds of companies, claiming to have stolen billions of records.
Two weeks ago, the FBI warned victims linked to ShinyHunters attacks not to give in to extortion demands, stressing that paying a ransom does not guarantee the attackers will avoid selling the stolen data to other cybercriminals or attempting to extort victims again later.
