7-Eleven confirms data breach linked to franchisee records

7-Eleven, the world’s largest convenience store chain, confirmed a cybersecurity breach affecting systems used to store franchisee application records after the cybercrime group ShinyHunters claimed to have stolen data from the company.

The retailer said it detected unauthorized access to internal systems on April 8, 2026, and has begun notifying affected individuals through formal security incident notices filed with state regulators.

7-Eleven disclosed the incident in a filing submitted to the Maine Attorney General’s Office, stating that the compromised records contained personal information provided during franchise applications. The company did not disclose the total number of affected individuals but said two Maine residents were impacted.

The company said the exposed data includes names, addresses, and other undisclosed personal information connected to franchisee documentation. It has not confirmed whether financial records, Social Security numbers, or other highly sensitive information were accessed during the intrusion.

7-Eleven, which operates nearly 13,000 stores across North America and more than 85,000 locations worldwide, said it launched an investigation with the assistance of a forensic cybersecurity firm immediately after discovering the breach.

The retailer said it has since secured affected systems and implemented remediation measures. Impacted individuals are being offered 24 months of complimentary identity theft protection and CyberScan credit monitoring services through IDX.

Recipients of the notification were also advised to monitor financial accounts, review credit reports, and consider placing fraud alerts or security freezes with major credit reporting agencies.

The disclosure came weeks after the ShinyHunters hacker group added 7-Eleven to its leak site as part of a broader extortion campaign targeting major organizations. The group claimed to have stolen more than 600,000 Salesforce-related records containing personal and corporate information and threatened to publish the data unless a ransom was paid by April 21.

The attackers later advertised the allegedly stolen data for sale on a cybercrime forum for $250,000.

7-Eleven has not publicly attributed the breach to ShinyHunters or confirmed whether ransomware was involved in the incident. However, the timing of the company’s disclosure has drawn attention to the possible connection between the breach and the group’s extortion claims.

ShinyHunters and affiliated threat actors have been linked to a series of high-profile intrusions targeting major companies since mid-2025. The group has claimed responsibility for attacks involving organizations including Vimeo, Wynn Resorts, Vercel, Medtronic, and Instructure.

Investigations into those incidents found that many of the intrusions stemmed from phishing attacks, abuse of third-party integrations, or system misconfigurations rather than vulnerabilities in Salesforce software itself.