7-Eleven data breach reportedly impacted over 185,000 accounts

Security researcher Troy Hunt, who runs the widely used data breach repository HaveIBeenPwned, said the recent breach involving convenience store giant 7-Eleven compromised more than 185,000 accounts.

Earlier this month, in a data security incident notice filed with the Office of Maine Attorney General, 7-Eleven said that on April 8, it detected unauthorised access to certain 7-Eleven systems used to store franchise documents. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

Through investigation, 7-Eleven determined that the sensitive personal data of its customers, including their names and other personal identifiers, including Social Security numbers and driver’s license numbers, was exposed.

While the notice filed with the Maine state regulator did not mention the number of affected individuals, a recent analysis from data breach repository HaveIBeenPwned revealed that 185,300 accounts were exposed. The compromised data included names, dates of birth, addresses, email addresses and phone numbers.

The ShinyHunters hacker group claimed responsibility for the cyber attack on 7-Eleven, listing the company on its data leak site as part of a wider extortion campaign targeting major organisations. The group claimed it had obtained more than 600,000 Salesforce-related records containing personal and corporate information, and threatened to release the data publicly unless a ransom was paid by April 21.The attackers later advertised the allegedly stolen data for sale on a cybercrime forum for $250,000.

ShinyHunters and associated threat actors have been connected to several high-profile cyber intrusions targeting major companies since mid-2025. The group has claimed involvement in attacks affecting organisations such as Vimeo, Wynn Resorts, Vercel, Medtronic, and Instructure. 

Investigations into these incidents indicated that many of the breaches were caused by phishing campaigns, misuse of third-party integrations, or system misconfigurations rather than flaws in Salesforce’s software.