7-Eleven confirms data breach claimed by the ShinyHunters gang

Comfort retailer chain big 7-Eleven confirmed that its techniques have been breached in a cyberattack claimed by the ShinyHunters extortion group final month.

Based in 1927, 7-Eleven now operates, franchises, and licenses over 86,000 shops globally, together with 13,000 shops within the U.S. and Canada, whereas its 7Rewards and Speedy Rewards loyalty applications have greater than 100 million members.

Along with 7-Eleven shops, the retail big additionally operates and franchises Speedway, Stripes, Laredo Taco Firm, and Increase the Roost Rooster and Biscuits areas worldwide.

As detailed in data breach notifications despatched to affected people on Could 1 and filed in a number of U.S. states on Friday, the corporate found in early April that attackers gained entry to some 7-Eleven techniques and the non-public info of an undisclosed variety of people.

“We not too long ago found that on April 8, 2026, an unauthorized third occasion gained entry to sure 7-Eleven techniques used to retailer franchisee paperwork,” 7-Eleven stated.

“We take the security of your private info very severely and instantly launched an investigation to be able to assess the affected paperwork and produce this to your consideration. We additionally needed to apologize for any inconvenience this may occasionally trigger you.”

Nevertheless, whereas 7-Eleven did not share additional info on the incident or the variety of individuals affected by the ensuing data breach, the ShinyHunters cybercrime gang claimed duty for the assault on April 17.

The extortion gang says they’ve allegedly stolen over 600,000 data containing company information and personally identifiable info after breaching the corporate’s Salesforce atmosphere.

​Lower than per week after claiming the breach, ShinyHunters leaked a 9.4GB archive of paperwork on their darkish net leak website after the corporate refused to pay a ransom to have the stolen information returned and destroyed.

“The corporate failed to achieve an settlement with us regardless of our unimaginable persistence, all the probabilities and affords we made,” the cybercriminals stated.

A 7-Eleven spokesperson was not instantly out there for remark when BleepingComputer reached out to substantiate ShinyHunters’ claims and share further particulars concerning the breach, together with which classes of knowledge have been uncovered and the variety of affected people.

In August 2022, 7-Eleven Denmark additionally confirmed it was the sufferer of a ransomware assault that encrypted a few of its techniques and compelled it to close down 175 shops. 

ShinyHunters has been concentrating on Salesforce prospects for the previous 12 months, breaching tons of of corporations and claiming they’ve stolen billions of data within the Salesloft Drift marketing campaign and the more moderen Salesforce Aura information theft assaults.

Final week, edtech big Instructure introduced that it reached an “settlement” with the extortion group to make sure that the information stolen in a current breach wouldn’t be leaked on-line.

Different breaches not too long ago claimed by ShinyHunters embody the European Fee, video service Vimeo, edtech big McGraw-Hill, medical gadget maker Medtronic, Spanish fast-fashion retailer Zara, PornHub, Rockstar Video games, on-line relationship big Match Group, residence security big ADT, and tech giants Google and Cisco.

The Federal Bureau of Investigation (FBI) suggested ShinyHunters’ victims on Friday to not give in to the menace actors’ calls for, and it beforehand warned that paying a ransom doesn’t assure that they won’t try and extort the victims once more or promote the stolen information to different cybercriminals.