The ShinyHunters extortion gang breached 7-Eleven’s systems in April 2026 and stole the personal data of 185,300 people. The stolen records include names, dates of birth, email addresses, phone numbers, and physical addresses. If you have ever used a 7-Eleven franchise location or its loyalty programs, your data may be part of this breach.

What Happened in the 7-Eleven Data Breach
On April 8, 2026, an unauthorized third party gained access to certain 7-Eleven systems used to store franchisee documents. The company confirmed this in data breach notification letters sent to affected customers on May 1, 2026.
ShinyHunters claimed responsibility for the attack on April 17, stating they breached 7-Eleven’s Salesforce environment and stole over 600,000 records containing corporate data and personally identifiable information.
After 7-Eleven refused to pay a ransom, ShinyHunters published a 9.4GB archive of documents on their dark web leak site. The data breach notification service Have I Been Pwned analyzed the leaked data and confirmed the breach exposed records belonging to 185,300 individuals.
What Personal Data Did ShinyHunters Steal from 7-Eleven?
According to Have I Been Pwned, the 7-Eleven data breach exposed the following:
- Names
- Dates of birth
- Email addresses
- Phone numbers
- Physical addresses
A small number of records also included additional data fields beyond those listed above.
How ShinyHunters Carried Out the Attack
ShinyHunters has been targeting Salesforce customers for the past year and claims to have breached hundreds of companies through what researchers describe as Salesforce Aura data theft attacks and the Salesloft Drift campaign.
The group operates a “pay or leak” extortion model. They steal data, demand a ransom, and publish the data when victims refuse to pay. This is the same approach they used in the Ingram Micro ransomware attack, which exposed the data of more than 42,000 people.
Other breaches recently claimed by ShinyHunters include the European Commission, Vimeo, Zara, MANGO, McGraw-Hill, ADT, Medtronic, Rockstar Games, Match Group, Cisco, and Google.
Who Is Affected by the 7-Eleven Data Breach?
Anyone who interacted with 7-Eleven franchise systems or documents may be at risk. 7-Eleven operates, franchises, and licenses more than 86,000 stores worldwide, including 13,000 stores in the United States and Canada. The company’s loyalty programs, 7Rewards and Speedy Rewards, together have over 100 million members.
While 7-Eleven stated the breach was limited to “certain 7-Eleven systems used to store franchisee documents,” the exposed data categories suggest that franchise-related customer and contact records were among the stolen files.
7-Eleven’s Official Statement on the Data Breach
7-Eleven sent breach notification letters to affected customers on May 1, 2026. In those letters, the company confirmed the April 8 intrusion and stated that attackers accessed systems used to store franchisee documents.
7-Eleven has not publicly attributed the attack to ShinyHunters or provided a specific count of affected individuals. When BleepingComputer contacted the company, a spokesperson did not reply.
This is not 7-Eleven’s first major cybersecurity incident. In August 2022, 7-Eleven Denmark confirmed a ransomware attack that encrypted some of its systems and forced the chain to shut down 175 stores.
FBI Warning About ShinyHunters
The FBI issued a public service announcement on May 15, 2026, warning about ShinyHunters’ ongoing threat to organizations and individuals. The FBI’s IC3 advisory (Alert I-051526-PSA) specifically highlighted a recent attack on an online Learning Management System that disrupted educational institutions across the country.
The FBI warns that ShinyHunters actors use harassment tactics to pressure victims, including threatening text messages, phone calls, and in some cases, swatting. Threat actors may also falsely claim to have compromising photos or videos to demand payment, even when no such content exists.
The FBI strongly advises victims not to pay. Paying a ransom does not guarantee data recovery or prevent attackers from selling the stolen data or extorting victims again. You can read the FBI’s full guidance on ransomware and its recommendation to report incidents through official channels rather than comply with demands.
Two weeks before the 7-Eleven breach became public, the FBI had already advised ShinyHunters’ victims not to give in to the group’s demands.
What to Do If Your Data Was Exposed
If you are concerned your data was part of the 7-Eleven breach, take these steps immediately.
Check if your email was exposed: Visit Have I Been Pwned and enter your email address to see if it appears in the breach data.
Watch for phishing attempts: Attackers who hold your name, email address, phone number, and physical address can craft highly convincing targeted messages. Be suspicious of any unsolicited contact from 7-Eleven, banks, or delivery services that references your personal details. The FBI warns that stolen data from breaches like this can enable sophisticated spearphishing campaigns that are much harder to detect than generic scam emails.
Change passwords on accounts that use the exposed email: If you reuse the same password across multiple services, change them now. Use a unique, strong password for each account.
Enable two-factor authentication: Add an extra layer of security to your email and financial accounts.
Monitor your accounts for unauthorized activity: Check your bank accounts, credit card statements, and credit report for any transactions or changes you did not authorize. If you hold a Bank of America account and used it at a 7-Eleven location, also review the Bank of America 7-Eleven ATM fee settlement to understand whether you qualify for additional relief.
Report suspicious contact. If anyone contacts you claiming to have your personal data and demands payment, do not respond or pay. Report it to the FBI at ic3.gov.
How to Reduce Your Risk from Future Data Breaches
No action can undo a breach after it happens, but these steps reduce your exposure from future incidents.
Keep your personal accounts separate where possible. Avoid using the same email address for loyalty programs, work accounts, and banking.
Review what data you share with loyalty programs. Most programs request more information than they need to function. Providing only the required fields limits what attackers can steal if that company faces a breach.
Stay informed about new breaches. Services like Have I Been Pwned alert you when your email appears in newly published breach data, giving you an early warning before attackers start using it.
Understand how ransomware attacks work. Most people assume ransomware only disrupts businesses, but the data stolen in corporate ransomware attacks directly affects ordinary people whose information was stored on those systems.