Convenience store giant **7-Eleven** suffered a data breach in April, leading to the compromise of personal information belonging to over 183,000 people, according to **Have I Been Pwned**. The breach was attributed to the **ShinyHunters** extortion gang. Founded in 1927, **7-Eleven** operates, franchises, and licenses more than 86,000 stores worldwide, including 13,000 stores in the U.S. and Canada. **7-Eleven** also operates and franchises Speedway, Stripes, Laredo Taco Company, and Raise the Roost Chicken and Biscuits locations, and its 7Rewards and Speedy Rewards loyalty programs also have over 100 million members. ### Breach Details **7-Eleven** disclosed the data breach in notification letters sent to affected customers on May 1st, revealing that unauthorized access to some of their systems occurred in early April. "We recently discovered that on April 8, 2026, an unauthorized third party gained access to certain **7-Eleven** systems used to store franchisee documents," the company stated. While **7-Eleven** has not officially attributed the attack to **ShinyHunters**, the group claimed responsibility on April 17th. The cybercriminals asserted that they stole over 600,000 records containing corporate data and personally identifiable information after breaching **7-Eleven's Salesforce** environment. After the company refused to pay a ransom, a 9.4GB archive of documents was leaked on their dark web leak site.  *7-Eleven entry on ShinyHunters' leak site (BleepingComputer)* ### Exposed Data **Have I Been Pwned** analyzed the leaked data and confirmed that the breach exposed the data of 185,300 people, including names, dates of birth, unique email addresses, phone numbers, and physical addresses. "The incident exposed 185k unique email addresses, along with names, physical addresses, dates of birth and phone numbers. A small number of records also contained additional exposed data fields," it said. "The company later advised the breach was limited to 'certain **7-Eleven** systems used to store franchisee documents,' a statement consistent with the exposed data." ### Previous Attacks **7-Eleven** Denmark also confirmed it was the victim of a ransomware attack in August 2022, after the attackers encrypted some of its systems and forced the chain to shut down 175 stores. ### ShinyHunters' Recent Activity **ShinyHunters** has been actively targeting **Salesforce** customers, claiming to have stolen billions of records in the **Salesforce Aura** data theft attacks and the **Salesloft Drift** campaign. Recent breaches claimed by **ShinyHunters** include the **European Commission**, video service **Vimeo**, Spanish fast-fashion retailers **Zara** and **MANGO**, edtech giant **McGraw-Hill**, home security giant **ADT**, medical device maker **Medtronic**, **PornHub**, **Rockstar Games**, online dating giant **Match Group**, as well as tech giants **Cisco** and **Google**. Two weeks ago, the FBI advised **ShinyHunters'** victims not to give in to the threat actors' demands, reiterating that paying ransoms does not guarantee the return or deletion of the stolen data. <a rel="noopener nofollow" href="https://hubs.li/Q048zztN0"><img alt="article image" src="https://www.bleepstatic.com/c/p/validation-gap.jpg"></a> <div> <h2><a rel="noopener nofollow" href="https://hubs.li/Q048zztN0">The Validation Gap: Automated Pentesting Answers One Question. You Need Six.</a></h2> <p>Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.</p> <p>This guide covers the 6 surfaces you actually need to validate.</p> <p><a rel="noopener nofollow" href="https://hubs.li/Q048zztN0">Download Now</a></p> </div>