Convenience store giant 7-Eleven has confirmed a data breach that exposed the personal information of more than 185,000 individuals following a cyberattack linked to the ShinyHunters extortion group.
The breach was first detected on April 8, 2026, after attackers gained unauthorized access to systems used to store franchisee-related documents, according to data breach notices filed by the company. 7-Eleven said the compromised systems contained sensitive personal information submitted during franchise application and management processes.
HaveIBeenPwned later added the incident to its breach notification database, reporting that 185,300 unique email addresses were exposed in the leak. The compromised data reportedly includes names, physical addresses, phone numbers, dates of birth, and other personally identifiable information. Some records also contained additional sensitive fields.
The ShinyHunters cybercrime group claimed responsibility for the attack in April and alleged it had stolen more than 600,000 Salesforce records tied to 7-Eleven operations. The group later published a 9.4GB archive of stolen files on its dark web leak site after ransom negotiations reportedly failed.
According to reports, the attackers claimed the stolen dataset included internal corporate documents alongside customer and franchisee information. Security researchers believe the incident may be connected to a broader campaign targeting Salesforce environments through phishing attacks, stolen credentials, or abused third-party integrations rather than vulnerabilities within Salesforce itself.
7-Eleven has not publicly confirmed the full scope of the exposed data or officially attributed the attack to ShinyHunters. However, the company acknowledged that unauthorized access occurred and said it launched an investigation immediately after discovering the intrusion. The retailer also retained external cybersecurity specialists and notified law enforcement agencies.
The company stated there is currently no evidence that customer payment systems or core retail operations were impacted during the incident. 7-Eleven also emphasized that the breach affected a “limited number” of current, former, and prospective franchisees.
Affected individuals are being offered up to two years of identity theft protection and dark web monitoring services. Security experts recommend that impacted users monitor financial statements, enable multi-factor authentication, and remain cautious of phishing attempts referencing leaked personal information.
The incident adds to a growing list of cyberattacks linked to ShinyHunters, a threat group known for targeting major companies and cloud-based platforms. The group has previously claimed responsibility for attacks involving companies including ADT, Vimeo, Medtronic, and Instructure as part of broader data theft and extortion campaigns.