7-Eleven data breach exposes data of 185,000 people

ShinyHunters claims it stole 7-Eleven records later found to contain names, contact details and dates of birth.

7-Eleven confirms April intrusion

7-Eleven has confirmed a cyberattack involving systems used to store franchise documents, after an intruder gained access on April 8, 2026. The company started notifying affected individuals in May, though it has not publicly attributed the incident to a specific group.

The breach has since been linked to ShinyHunters, a prolific extortion gang that claimed responsibility in April. Have I Been Pwned (HIBP) later analyzed the leaked data and reported 185,300 people were exposed.

What information was exposed

The compromised records reportedly included names, unique email addresses, phone numbers, physical addresses and dates of birth. A small number of entries contained additional fields, potentially exposing individuals to targeted phishing and identity theft.

ShinyHunters claimed it stole more than 600,000 records from a 7-Eleven Salesforce environment before leaking a 9.4GB archive after alleged ransom talks failed. 7-Eleven has not commented on the group’s technical claims.

Managing the fallout of data breaches

Anyone affected should watch for emails, calls or texts referencing 7-Eleven, franchise operations, rewards programs or account verification. Scammers often use breached contact details to make follow-up messages look legitimate.

This is where services such as Bitdefender Digital Identity Protection can help. The tool extensively monitors exposed personal information across the public and dark web, alerts users when their data appears in breaches and helps them understand what personal details are circulating online.

ShinyHunters keeps targeting big brands

The 7-Eleven data breach is yet another addition to a growing list of target organizations, including Telus Digital, Rockstar Games, Udemy, and Instructure, claimed by ShinyHunters, which has recently shifted its crosshairs to corporate cloud and CRM environments. The group has been tied to attacks involving Salesforce-related data theft and extortion campaigns.

The FBI has warned victims against paying cybercriminals, noting that ransom payments do not guarantee stolen data will be deleted or prevent future extortion.