7-Eleven Cyber Extortion Attack Exposes Personal Info Of 185K People
In a letter sent to victims the company says that “we recently discovered that on April 8, 2026, an unauthorized third party gained access to certain 7-Eleven systems used to store franchisee documents.” ShinyHunters was demanding a ransom payment from 7-Eleven for the stolen data, which the company didn’t end up paying, leading to 9.4GB of data being leaked online by the group.

Have I Been Pwned sifted through the data dump and shared that the “incident exposed 185k unique email addresses, along with names, physical addresses, dates of birth and phone numbers.” This has led 7-Eleven to offer victims 24 months of free identity theft protection through CyberScan monitoring, which is standard practice when these kinds of incidents occur.
7-Eleven isn’t the only company to have a run in with ShinyHunters. The group has been targeting organizations who utilize the Salesforce platform, that have misconfigured instances and are running malicious OAuth applications stemming from Salesforce’s own data breach. This includes successful hacks of Cisco, Google, security firm ADT, and Rockstar Games, to name a few.
Those who have received the notification letter from 7-Eleven should sign up for the free credit monitoring as soon as possible to to help protect against identity theft.