7-Eleven Confirms Data Breach Affecting 185,000 People After ShinyHunters Attack

7-Eleven confirmed a data breach affecting approximately 185,000 people after the hacker group ShinyHunters stole data from the company's internal systems in April 2026.

The company discovered the unauthorized access on April 8, 2026. ShinyHunters claimed responsibility on April 17, saying it had exfiltrated more than 600,000 Salesforce records containing personally identifiable information and internal corporate data.

After 7-Eleven refused to pay a ransom, the group published a 9.4 gigabyte archive of the stolen data on a dark web leak site. The group had previously offered the data for sale on a hacker forum for $250,000.

The compromised data included full names, physical addresses, email addresses, phone numbers, dates of birth, Social Security numbers, and operational and financial documentation related to franchise applications.

7-Eleven began sending breach notifications to affected individuals on May 1, 2026, and filed reports with state regulators in Maine, Massachusetts, and Vermont. The company is providing affected individuals with complimentary identity theft protection and CyberScan monitoring through IDX for up to 24 months.

ShinyHunters has been active throughout 2025 and 2026, targeting organizations including Instructure, Cisco, Google, and Rockstar Games. The group typically exploits misconfigurations, phishing, or third-party integrations within Salesforce environments.

The FBI has advised organizations targeted by ShinyHunters not to pay ransom demands, noting that payment does not guarantee the deletion of stolen data or prevent future extortion attempts.

Security experts say the breach is a reminder that consumer data attacks quickly become business, legal, and trust crises. Companies with large customer or franchisee footprints are attractive targets because even smaller datasets can create significant reputational damage and downstream fraud risk.