7-Eleven Data Breach Exposes Personal Information of 185,000 People

Executive Summary

Convenience store giant 7-Eleven has disclosed a data breach that exposed the personal information of approximately 185,300 individuals after unauthorized actors accessed systems containing franchisee documents in early April 2026. The ShinyHunters extortion gang claimed responsibility, leaked a 9.4GB archive of stolen data, and is now selling it on underground forums after the company refused to pay a ransom.

What Happened

On April 8, 2026, an unauthorized third party gained access to certain systems within 7-Eleven’s infrastructure that were used to store franchisee documents. The company, which operates more than 86,000 stores worldwide—including over 13,000 locations across the United States and Canada—discovered the intrusion and launched an investigation. By May 1, 2026, 7-Eleven began mailing data breach notification letters to affected individuals, and also filed a breach notice with the Maine Attorney General’s Office.

While 7-Eleven has not publicly attributed the attack to a specific threat actor, the notorious ShinyHunters extortion gang claimed responsibility on April 17, 2026. The group alleged it had stolen over 600,000 records containing corporate data and personally identifiable information (PII) after breaching 7-Eleven’s environment. When the company refused to meet their ransom demands by the April 21 deadline, ShinyHunters published the stolen data on its dark web leak site and subsequently offered it for sale on a Russian hacking forum.

This is not the first time 7-Eleven has faced a significant cyberattack. In August 2022, 7-Eleven Denmark suffered a ransomware attack that encrypted systems and forced the temporary closure of 175 stores. However, the two incidents appear unrelated.

Technical Details

The exact initial access vector remains unconfirmed by 7-Eleven, but ShinyHunters claimed the breach occurred through the company’s Salesforce environment. Over the past year, ShinyHunters has aggressively targeted Salesforce instances across major organizations, leveraging techniques such as phishing, malicious third-party integrations, and misconfigurations to exfiltrate data.

The attackers reportedly extracted a 9.4GB archive of documents. The FBI has previously warned organizations victimized by ShinyHunters not to pay ransoms, noting that payment provides no guarantee the stolen data will not be sold to other cybercriminals or used in future extortion attempts.

Notable organizations previously targeted by ShinyHunters include the European Commission, Vimeo, Zara, MANGO, McGraw-Hill, ADT, Medtronic, PornHub, Rockstar Games, Match Group, Cisco, and Google.

Impact

Have I Been Pwned, a widely trusted data breach notification service, analyzed the leaked dataset and confirmed that the incident exposed the personal information of approximately 185,300 people. The compromised data includes:

• Names
• Dates of birth
• Unique email addresses
• Phone numbers
• Physical addresses

For a small number of records, additional data fields were also exposed. The dataset is consistent with 7-Eleven’s statement that the breach was limited to “certain 7-Eleven systems used to store franchisee documents.”

Given 7-Eleven’s massive global footprint and its 7Rewards and Speedy Rewards loyalty programs—which collectively serve more than 100 million members—the breach raises broader concerns about the security of franchisee-facing systems and the potential for follow-on social engineering campaigns.

What To Do Now

If you receive a breach notification from 7-Eleven, or suspect your information may be affected, take the following steps immediately:

1. Monitor Financial Accounts: Review bank statements, credit card transactions, and credit reports for unauthorized activity.
2. Watch for Phishing: Be extra cautious of emails, text messages, or phone calls that use your name, address, or birth date to appear legitimate. Do not click unsolicited links or provide additional personal information.
3. Strengthen Account Security: Change passwords on any accounts that may share credentials with 7-Eleven-related services. Enable multi-factor authentication (MFA) on all critical accounts.
4. Credit Protection: Consider placing a fraud alert or security freeze with Equifax, Experian, and TransUnion to prevent identity thieves from opening new accounts in your name.
5. Check Have I Been Pwned: Visit haveibeenpwned.com to verify whether your email address appears in the leaked dataset.

Timeline

Date	Event
April 8, 2026	Unauthorized third party gains access to 7-Eleven franchisee document systems.
April 17, 2026	ShinyHunters claims responsibility and lists 7-Eleven on its dark web leak site.
April 21, 2026	Ransom deadline passes; data later offered for sale on a Russian forum.
Late April 2026	Stolen data is published online and indexed by Have I Been Pwned.
May 1, 2026	7-Eleven begins sending breach notification letters to affected individuals.
May 2026	Breach notice filed with the Maine Attorney General’s Office; impact confirmed at ~185,300 people.

Sources

1. BleepingComputer — “7-Eleven data breach exposes personal information of 185,000 people”
   https://www.bleepingcomputer.com/news/security/7-eleven-data-breach-exposes-personal-information-of-185-000-people/

2. SecurityWeek — “185,000 Likely Impacted by 7-Eleven Data Breach”
   https://www.securityweek.com/185000-likely-impacted-by-7-eleven-data-breach/

3. Have I Been Pwned — “7-Eleven Breach Analysis”
   https://haveibeenpwned.com/breach/7-eleven