Cyber Incident Victim: 7-Eleven
Date:
Apr 2026
Location:
United States of America
Summary
7-Eleven experienced a cyberattack in which attackers gained access to an internal server used to store franchise documents and removed personal information including names, dates of birth, addresses, phone numbers, email addresses, and potentially Social Security numbers and driver’s license details. The intruders, identified as the ShinyHunters group, demanded a ransom, threatened to publish the data, and later offered the stolen records for sale on a hacker forum. The company confirmed the breach, began notifying affected individuals, and undertook measures to improve its security posture.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On April 8, 2026, 7-Eleven detected an intrusion into its systems used to store franchisee documents. The intrusion was later attributed to the hacker group ShinyHunters, which claimed responsibility for the breach on April 17 by posting about it on its leak website. ShinyHunters stated that it had stolen more than 600,000 Salesforce records containing personal information and corporate data from 7-Eleven. The group demanded a ransom payment by April 21, threatening to leak the data if the demand was not met. After the deadline passed, ShinyHunters offered to sell the stolen data for $250,000 on a popular hacker forum. The breach was recorded in April and reported by Have I Been Pwned as affecting over 185,000 individuals.
The stolen data includes customers' full names, dates of birth, home addresses, phone numbers, and email addresses. According to reports submitted to the Attorneys General of Maine and Massachusetts, the leaked data may also include highly sensitive information such as Social Security numbers and driver's license details. The information exposed was provided to 7-Eleven during franchise applications. 7-Eleven has not disclosed the total number of affected individuals but confirmed that only two Maine residents were identified as impacted. The company’s Chief Information Security Officer, Jim Kastle, stated that hackers accessed an internal server where franchise documents are stored.
In response to the incident, 7-Eleven began sending out security incident notices to affected parties. The company is taking measures to notify victims of the breach and to strengthen its security systems. 7-Eleven continues to work with law enforcement and regulatory bodies regarding the incident.