Skip to content
Tech News
← Back to articles

7-Eleven data breach exposes personal information of 185,000 people

2026-05-26 | original
read original get Data Breach Notification Sticker → more articles
Why This Matters

The 7-Eleven data breach highlights the increasing threat of cyberattacks targeting large retail chains, exposing millions of consumers to identity theft and fraud. This incident underscores the importance for companies to bolster cybersecurity measures and for consumers to remain vigilant about their personal information. As cybercriminals continue to target high-profile organizations, the industry must prioritize data protection to maintain trust and security.

Key Takeaways

The ShinyHunters extortion gang stole the personal information of over 183,000 people after hacking the systems of convenience store chain giant 7-Eleven in April, according to data breach notification service Have I Been Pwned.

Founded in 1927, 7-Eleven now operates, franchises, and licenses more than 86,000 stores worldwide, including 13,000 stores in the U.S. and Canada. 7-Eleven also operates and franchises Speedway, Stripes, Laredo Taco Company, and Raise the Roost Chicken and Biscuits locations, and its 7Rewards and Speedy Rewards loyalty programs also have over 100 million members.

The company revealed in data breach notification letters sent to affected customers on May 1 that attackers stole the data of an undisclosed number of individuals after gaining access to some 7-Eleven systems in early April.

"We recently discovered that on April 8, 2026, an unauthorized third party gained access to certain 7-Eleven systems used to store franchisee documents," 7-Eleven said.

While 7-Eleven has not attributed the attack to a specific hacking group or threat actor and has not shared further details on the incident, the ShinyHunters extortion gang claimed responsibility for the attack on April 17.

The cybercriminals claimed to have stolen over 600,000 records containing corporate data and personally identifiable information after breaching 7-Eleven's Salesforce environment. They then leaked a 9.4GB archive of documents on their dark web leak site after the company refused to pay a ransom to have the stolen data returned and destroyed.

7-Eleven entry on ShinyHunters' leak site (BleepingComputer)

Although a 7-Eleven spokesperson didn't reply when BleepingComputer reached out to confirm ShinyHunters' claims and share the number of affected individuals, Have I Been Pwned analyzed the data leaked by the cybercrime group and said the breach exposed the data of 185,300 people, including names, dates of birth, unique email addresses, phone numbers, and physical addresses.

"The incident exposed 185k unique email addresses, along with names, physical addresses, dates of birth and phone numbers. A small number of records also contained additional exposed data fields," it said. "The company later advised the breach was limited to 'certain 7-Eleven systems used to store franchisee documents,' a statement consistent with the exposed data."

7-Eleven Denmark also confirmed it was the victim of a ransomware attack in August 2022, after the attackers encrypted some of its systems and forced the chain to shut down 175 stores.

... continue reading

Explore topics: 7-eleven shinyhunters salesforce data breach dark web
Related:
Salesforce Has an AI Vaporware Problem
FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
Trump Mobile Exposed Customers' Personal Data, Including Phone Numbers and Home Addresses
Trump Mobile Leaks Customers’ Data and the Phone Isn’t Even Out Yet
Trump Mobile exposed customers' personal data

© 2026 GoKawiil

About | Editorial Policy | Contact