7-Eleven has confirmed that hackers breached internal systems in April after the ShinyHunters extortion group claimed responsibility for stealing company data and franchisee records.
The convenience store giant said it discovered the intrusion on April 8, 2026, after an unauthorized third party gained access to systems used to store franchisee application documents. According to notification letters filed with the Maine Attorney General’s Office, the attackers accessed information submitted during franchise applications, including names, addresses, and additional undisclosed data elements.
7-Eleven has not disclosed how many people were affected or exactly what categories of information were exposed. The company also has not confirmed whether financial records, Social Security numbers, or login credentials were compromised during the incident.
The disclosure came weeks after ShinyHunters added 7-Eleven to its dark web leak site as part of the group’s ongoing “pay-or-leak” extortion campaign. The hackers claimed they stole more than 600,000 Salesforce-related records containing corporate and personal information tied to the company.
While 7-Eleven did not officially attribute the breach to ShinyHunters, the timing of the company’s disclosure closely aligns with the group’s public claims. Researchers tracking the campaign believe the attack may be connected to broader exploitation targeting Salesforce Experience Cloud environments and third-party cloud infrastructure.
According to reports, ShinyHunters has recently targeted multiple companies through cloud-hosted services, analytics platforms, and Salesforce-related environments. The group allegedly exploited misconfigured Experience Cloud instances and authentication weaknesses to extract customer and internal business data from hundreds of organizations.
7-Eleven said it immediately launched an investigation with assistance from external cybersecurity specialists and has since “remediated the incident.” The company is also offering affected individuals 24 months of free identity theft protection and credit monitoring services through IDX.
The retailer advised affected individuals to monitor financial accounts, review credit reports, and consider placing fraud alerts or credit freezes with major credit bureaus.
The breach could have broader implications because of 7-Eleven’s massive franchise network. Nearly 75% of the company’s US stores operate under franchise ownership, meaning franchise application systems may contain extensive business and personal records tied to prospective operators and partners.
ShinyHunters has become one of the most active extortion groups linked to large-scale cloud and SaaS-related breaches over the past year. The group has previously claimed attacks involving companies such as Zara, ADT, Rockstar Games, Instructure, Wynn Resorts, and the European Commission.