7-Eleven breach – 7-Eleven says attackers accessed some systems used to store franchisee documents on April 8, 2026, after a breach discovered in early April. The ShinyHunters extortion gang claimed responsibility on April 17 and posted a 9.4GB archive after 7-Eleven refused ra
By the time the notification letters landed, the damage was already out in the open.
7-Eleven told affected customers in data breach notification letters sent on May 1 that attackers gained access to some 7-Eleven systems in early April and stole information from an undisclosed number of individuals. In the letter. the company said it “recently discovered that on April 8. 2026. an unauthorized third party gained access to certain 7-Eleven systems used to store franchisee documents.”.
For millions of customers and thousands of franchisees, the number that matters is the one that follows: the estimate of how many people had their data taken.
Have I Been Pwned analyzed the data leaked by the extortion group and said the breach exposed the data of 185. 300 people. The exposed information included names, dates of birth, unique email addresses, phone numbers, and physical addresses. It also said a small number of records contained additional exposed data fields. The analysis added that the company later advised the breach was limited to “certain 7-Eleven systems used to store franchisee documents. ” a statement it said aligned with what was found in the exposed data.
7-Eleven has not publicly attributed the incident to a specific hacking group or threat actor and has not provided further details beyond the description in its customer letters. But the criminal group behind the leak claims it was responsible.
The ShinyHunters extortion gang said it had carried out the attack, claiming responsibility on April 17. The group asserted that it stole over 600. 000 records containing corporate data and personally identifiable information after breaching 7-Eleven’s Salesforce environment. After 7-Eleven refused to pay a ransom to have the stolen data returned and destroyed. ShinyHunters leaked a 9.4GB archive of documents on its dark web leak site.
That tension—between what the company said was accessed and what the leaked material appears to include—is where the risk lands for real people. When names. birth dates. phone numbers. and home addresses appear in leaked data. the threat doesn’t stop at embarrassment or inconvenience. It can become fuel for impersonation, targeted scams, and long-tail identity fraud.
The scale of 7-Eleven as a business only makes the fallout harder to contain. Founded in 1927, 7-Eleven now operates, franchises, and licenses more than 86,000 stores worldwide, including 13,000 stores in the U.S. and Canada. It also operates and franchises Speedway, Stripes, Laredo Taco Company, and Raise the Roost Chicken and Biscuits locations. Its 7Rewards and Speedy Rewards loyalty programs have over 100 million members.
This incident also adds to a pattern of attacks tied to Salesforce environments. ShinyHunters has been targeting Salesforce customers for the past year. claiming it has stolen billions of records in the Salesforce Aura data theft attacks and the Salesloft Drift campaign. The group has also claimed other recent breaches. including the European Commission. video service Vimeo. Spanish fast-fashion retailers Zara and MANGO. edtech giant McGraw-Hill. home security giant ADT. medical device maker Medtronic. PornHub. Rockstar Games. online dating giant Match Group. as well as tech giants Cisco and Google.
There’s another layer to 7-Eleven’s history with cyberattacks too. 7-Eleven Denmark confirmed it was a victim of a ransomware attack in August 2022, when attackers encrypted some of its systems and forced the chain to shut down 175 stores.
Two weeks before this latest breach reporting, the FBI advised ShinyHunters’ victims not to give in to the threat actors’ demands. It warned that paying ransoms does not guarantee that threat actors won’t attempt to sell stolen data to other cybercriminals or extort victims again.
For those notified on May 1, the point is simple and unsettling: even when companies describe the access narrowly, the leaked information—names, dates of birth, unique email addresses, phone numbers, and physical addresses—can still put a large number of people directly in harm’s way.
7-Eleven breach ShinyHunters Have I Been Pwned Salesforce hack extortion gang data breach notification ransomware personal information exposed
So they got 185k people… cool cool.
Is this why my 7-Eleven app keeps signing me out? Like I didn’t even go there on April 8 or whatever but now I gotta change my email? This stuff is always vague too, “certain systems” like that helps.
If it’s franchisee documents only then why does it say customers? Half the time these hacks are just them admitting they have no clue which part got hit. ShinyHunters posting a 9.4GB archive sounds like those old data dumps from years ago, like nothing ever gets fixed anyway.
Wait so April 8 was the hack but they didn’t tell people until May 1?? That’s like a whole month of “maybe your info is out there” and then letters arrive like it’s a surprise. Also if they have DOB and addresses, isn’t that basically identity theft already? I saw something online it was actually an inside job at some franchise, like a cashier swipe thing, so idk… seems way deeper than they’re saying.