7-Eleven Breach: Hackers Claim 600,000 Records Stolen
A system intrusion at 7-Eleven has escalated into a major data breach.
The retailer says an unauthorized third party gained access to its internal systems on April 8, exposing personal information associated with franchise applications. In breach notification letters dated May 1, the company said the attackers accessed “certain 7-Eleven systems used to store franchisee documents.”
7-Eleven added that the affected files contained personal details submitted during the franchise application process, such as names, addresses, and other identifying information.
“We take the security of your personal information very seriously and immediately launched an investigation in order to assess the affected documents and bring this to your attention,” the company wrote in the notice.
The convenience store giant said it hired a forensic investigation firm after discovering the intrusion and is offering up to 24 months of identity theft protection and CyberScan monitoring through IDX.
Leak tied to roughly 185,000 individuals
While 7-Eleven did not publicly disclose how many individuals were affected, breach-tracking service Have I Been Pwned later analyzed leaked files linked to the incident and estimated that roughly 185,300 people had their data exposed, according to a report from BleepingComputer.
The leaked information reportedly includes names, email addresses, phone numbers, dates of birth, and physical addresses. Some reports also noted that Social Security numbers appeared in a subset of records. BleepingComputer reported that the exposed data appeared consistent with 7-Eleven’s description of the compromised franchise-related systems.
ShinyHunters claims responsibility
The breach has been linked to the ShinyHunters extortion gang, a group that has repeatedly targeted major companies over the past year.
According to multiple reports, the hackers claimed to have stolen more than 600,000 records from a Salesforce environment connected to 7-Eleven. The group allegedly later published a 9.4GB archive of stolen files after ransom negotiations failed.
7-Eleven has not officially attributed the incident to ShinyHunters or confirmed the gang’s claims. SecurityWeek reported that the group listed 7-Eleven on its leak site in mid-April and later offered the data for sale on a Russian hacking forum.
The incident adds 7-Eleven to a growing list of organizations reportedly targeted by ShinyHunters, including companies in education, retail, entertainment, healthcare, and technology.
Cybersecurity researchers say the gang has increasingly targeted Salesforce-related environments through phishing campaigns, third-party integrations, and cloud misconfigurations. The FBI recently warned organizations not to pay extortion demands linked to ShinyHunters, noting that ransom payments do not guarantee stolen data will be deleted or kept offline.
For more on cybersecurity threats targeting business accounts, read TechRepublic’s coverage of the FBI’s warning about Kali365 attacks on Microsoft 365 users.
About Author
