7-Eleven confirmed a breach of franchisee systems. ShinyHunters leaked 185,300 records including SSNs and driver's licenses. Free credit monitoring offered.

Continue reading
Convenience store chain 7‑Eleven confirmed a data breach that exposed the personal information of approximately 185,300 individuals after the ShinyHunters extortion group compromised systems used to store franchisee documents in April 2026.
The incident was formally added to the Have I Been Pwned (HIBP) breach-notification service on May 24, 2026, which verified 185,300 unique accounts in the leaked dataset.
7‑Eleven discovered unauthorized access on April 8, 2026, after an unknown third party gained entry to _“certain 7‑Eleven systems used to store franchisee documents,”_ according to a notice filed with the Maine Attorney General’s Office on May 15. The company’s Chief Information Security Officer, Jim Kastle, signed the notification letter sent to affected individuals.
The breach affected 50 franchisees across Massachusetts, Vermont, and Maine, according to state filings. HIBP confirmed 185,300 unique accounts in the leaked data. 7‑Eleven stated it has “no reason to believe that customer data was affected.”
Compromised records included names, dates of birth, email addresses, phone numbers, and physical addresses. A subset of records also contained Social Security numbers and driver’s license numbers, according to breach notices filed with state regulators. HIBP noted that a small number of leaked records contained additional exposed data fields.
The ShinyHunters extortion group claimed responsibility for the attack, stating it stole more than 600,000 records from 7‑Eleven’s Salesforce environment. The group listed 7‑Eleven alongside dozens of other victims in a broader “pay‑or‑leak” extortion campaign. 7‑Eleven has not officially attributed the breach to a specific threat actor.
The pay‑or‑leak extortion model used by ShinyHunters pressures victims to pay a ransom to prevent public release of stolen data. After the extortion attempt, the 7‑Eleven data was ultimately leaked online in April 2026. Law firms have announced investigations into potential class‑action lawsuits on behalf of affected individuals.
7‑Eleven launched an investigation with a third‑party forensic security firm and notified law enforcement. The company is offering 24 months of complimentary identity‑theft protection and CyberScan credit monitoring through IDX to affected individuals. Notification letters advised recipients to monitor account statements, review credit reports, and consider placing fraud alerts or credit freezes with Equifax, Experian, and TransUnion.
The ShinyHunters group has been active since May 2020 and specializes in large‑scale data theft and extortion targeting major companies across technology, finance, and retail sectors. The FBI recently issued a guidance document urging victims of ShinyHunters not to pay ransoms, warning that stolen data could be sold to other cybercriminals or reused in future attacks.
Affected individuals should check whether their email address appears in the breach via HIBP. Security practitioners should review access controls on franchise‑management systems and enforce multi‑factor authentication on all externally facing SaaS platforms, particularly Salesforce environments that store franchisee and partner data.
The 7‑Eleven incident extends a pattern of ShinyHunters targeting franchise and SaaS ecosystems to harvest bulk personal data for extortion, a tactic the group has repeated across multiple verticals in the first half of 2026.

148 malicious npm packages masquerading as student proxy and school Wi-Fi bypass tools. Rather than compromising developers during installation