GoKawiilConvenience store chain giant 7-Eleven confirmed that its systems were breached in a cyberattack claimed by the ShinyHunters extortion group last month.
Founded in 1927, 7-Eleven now operates, franchises, and licenses over 86,000 stores globally, including 13,000 stores in the U.S. and Canada, while its 7Rewards and Speedy Rewards loyalty programs have more than 100 million members.
In addition to 7-Eleven stores, the retail giant also operates and franchises Speedway, Stripes, Laredo Taco Company, and Raise the Roost Chicken and Biscuits locations worldwide.
As detailed in data breach notifications sent to affected individuals on May 1 and filed in multiple U.S. states on Friday, the company discovered in early April that attackers gained access to some 7-Eleven systems and the personal information of an undisclosed number of individuals.
"We recently discovered that on April 8, 2026, an unauthorized third party gained access to certain 7-Eleven systems used to store franchisee documents," 7-Eleven said.
"We take the security of your personal information very seriously and immediately launched an investigation in order to assess the affected documents and bring this to your attention. We also wanted to apologize for any inconvenience this may cause you."
However, while 7-Eleven didn't share further information on the incident or the number of people affected by the resulting data breach, the ShinyHunters cybercrime gang claimed responsibility for the attack on April 17.
The extortion gang says they've allegedly stolen over 600,000 records containing corporate data and personally identifiable information after breaching the company's Salesforce environment.
7-Eleven entry on ShinyHunters' leak site (BleepingComputer)
Less than a week after claiming the breach, ShinyHunters leaked a 9.4GB archive of documents on their dark web leak site after the company refused to pay a ransom to have the stolen data returned and destroyed.
... continue reading