Cyber Incident Victim: 7-Eleven
Date:
Aug 2022
Location:
Denmark
Summary
A cyberattack disrupted payment and checkout systems at 7-Eleven stores in Denmark, forcing the temporary closure of all 175 locations, with five later reopening. The incident rendered cash registers inoperable, prompting employees to alert management, who described the outage as unprecedented. While no specifics on the attack's origin or ransomware involvement were confirmed, the event followed a separate incident days earlier where store displays in Taiwan were compromised to broadcast political messages. The company also experienced prior security issues, including a fraudulent payment app exploit in Japan that exposed customer accounts and resulted in significant financial losses. These disruptions align with broader retail sector cyber threats targeting point-of-sale systems and managed service providers.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 5 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On August 8, 2022, 7-Eleven stores across Denmark abruptly closed following a cyberattack that disrupted payment systems and checkout operations nationwide. The incident began in the early morning hours, with employees discovering malfunctioning cash registers incapable of processing transactions. Company management confirmed the outage through a Facebook statement, indicating they had likely "been exposed to a hacker attack" that prevented stores from accepting payments. This prompted the immediate closure of all 175 Danish locations to assess the attack’s scope. An employee from a Copenhagen store corroborated the shutdown on Reddit, explaining that all stores relied on the same compromised system, forcing nationwide closures with posted customer notices. Initial investigations revealed no evidence of ransomware involvement, though the attack vector remained unidentified. By the following morning, 7-Eleven partially restored operations at five stores while keeping others closed pending further analysis. Danish manager Jesper Ostergaard described the incident as unprecedented, noting systems failed simultaneously without prior warning. The company provided no additional technical details beyond its initial statement, leaving the attack’s origin and method unresolved during the immediate aftermath.
The Denmark incident marked 7-Eleven’s second cybersecurity disruption within a week, following an unrelated August 3rd breach in Taiwan where store displays broadcast unauthorized political messages targeting U.S. Speaker Nancy Pelosi. Historical vulnerabilities also resurfaced, including a 2019 flaw in 7-Eleven Japan’s payment app that allowed hackers to steal ¥55 million ($500,000) by exploiting default birthdate settings. The Denmark attack mirrored recent retail sector disruptions, such as Co-op Sweden’s 2021 closure of 500 stores and Spar UK’s 2022 ransomware incident affecting 600 locations—both linked to supply chain compromises via managed service providers. While 7-Eleven’s Danish systems showed no confirmed ties to ransomware, cybersecurity experts noted that operational outages frequently correlate with such attacks. The company’s response focused on containment through store closures and system diagnostics, avoiding public speculation on attribution or data compromise. Financial and reputational impacts were not quantified, though the nationwide shutdown underscored dependencies on centralized payment infrastructure vulnerable to single-point failures.