7-Eleven data breach hits 185,000 customers

The notorious ShinyHunters extortion group has compromised the systems of global convenience store chain 7-Eleven, stealing the personal data of more than 185,000 individuals in an April cyberattack, according to the data breach notification platform Have I Been Pwned.

Since its founding in 1927, 7-Eleven has grown into a massive retail operation, now running, franchising, and licensing over 86,000 stores worldwide. That includes roughly 13,000 locations in the U. S. and Canada, along with brands such as Speedway, Stripes, Laredo Taco Company, and Raise the Roost Chicken and Biscuits. Its loyalty programs, 7Rewards and Speedy Rewards, collectively boast more than 100 million members.

In data breach notification letters sent to impacted customers on May 1, the company disclosed that attackers infiltrated certain internal systems in early April, though it did not specify the total number of affected individuals at the time.

“We recently discovered that on April 8, 2026, an unauthorized third party gained access to certain 7-Eleven systems used to store franchisee documents,” the company stated.

7-Eleven has not officially identified which hacking group was behind the intrusion, nor has it released further incident details. However, on April 17, the ShinyHunters extortion gang publicly took credit for the attack.

The cybercriminals claimed they stole more than 600,000 records containing corporate data and personally identifiable information after breaching 7-Eleven’s Salesforce environment. When the company refused to pay a ransom to retrieve and destroy the stolen data, the group released a 9.4GB archive of documents on their dark web leak site.

A 7-Eleven spokesperson did not respond to BleepingComputer’s request for confirmation or details on the number of victims, but Have I Been Pwned analyzed the leaked data and concluded that the breach exposed 185,300 people. The compromised information includes names, dates of birth, unique email addresses, phone numbers, and physical addresses.

“The incident exposed 185k unique email addresses, along with names, physical addresses, dates of birth and phone numbers. A small number of records also contained additional exposed data fields,” the service reported. “The company later advised the breach was limited to ‘certain 7-Eleven systems used to store franchisee documents,’ a statement consistent with the exposed data.”

This is not the first time 7-Eleven has faced a major security incident. In August 2022, 7-Eleven Denmark confirmed it was hit by a ransomware attack that encrypted some systems and forced the temporary closure of 175 stores.

ShinyHunters has been actively targeting Salesforce customers over the past year, claiming to have breached hundreds of companies and stolen billions of records through what it calls the Salesforce Aura and Salesloft Drift campaigns. Other high-profile victims the group has recently claimed include the European Commission, Vimeo, Zara, MANGO, McGraw-Hill, ADT, Medtronic, PornHub, Rockstar Games, Match Group, Cisco, and Google.

Two weeks ago, the FBI advised victims of ShinyHunters not to pay ransoms, warning that doing so does not prevent threat actors from selling the stolen data to other criminals or attempting further extortion.