Cyber Incident Victim: 7-Eleven

On April 8, 2024, 7-Eleven experienced a data breach that affected 50 franchisees located in Massachusetts, Vermont, and Maine. The breach was disclosed through documents filed with each state on May 15 and May 16. Compromised information included social security numbers, driver’s license numbers, names, and addresses of the franchisees. According to the state filings, forty‑seven individuals were impacted in Massachusetts, two in Maine, and one in Vermont. A 7‑Eleven spokesperson stated that there was no reason to believe that customer data had been affected by the incident. The spokesperson also noted that the company had not observed any disruption to its store operations as a result of the breach.

Upon discovering suspicious activity, 7‑Eleven immediately launched an investigation and began taking steps to contain the incident. The company notified law enforcement and retained third‑party cybersecurity experts to assist with the response. 7‑Eleven identified a limited number of current, former, and prospective franchisees whose data was involved in the breach. The organization began contacting those affected individuals to inform them of the compromise. As part of its response, 7‑Eleven offered identity theft protection and other support services to the impacted franchisees. The spokesperson emphasized that the breach was limited in scope and did not extend to customer information. Irving, Texas‑based 7‑Eleven operates more than 12,700 stores across the United States.