A new cyberattack involving 7-Eleven is putting thousands of people on alert after hackers allegedly accessed sensitive franchisee information tied to the convenience store giant.
According to breach-tracking platform Have I Been Pwned, more than 185,000 people were impacted in a recent “hack-and-extortion attack” linked to the cybercrime group ShinyHunters. The exposed information reportedly includes names, birth dates, phone numbers, email addresses, and physical addresses. Some records also allegedly contained Social Security numbers and driver’s license details.
The breach traces back to April, when hackers reportedly gained access to an internal server storing franchisee documents. 7-Eleven Chief Information Security Officer Jim Kastle confirmed the unauthorized access in filings submitted to state attorneys general offices in Maine and Massachusetts.
ShinyHunters later claimed responsibility for the incident, accusing the company of refusing to meet ransom demands. The group reportedly threatened to release the data publicly if payment was not made. Security researchers said the hackers claimed to have stolen more than 600,000 Salesforce-related records connected to the company.
The latest incident adds to a growing list of cybersecurity problems tied to the 7-Eleven brand over the years. In 2022, several 7-Eleven stores in Denmark temporarily shut down after a ransomware attack disrupted payment and checkout systems. The company later confirmed hackers targeted store networks, forcing locations to operate without standard transaction systems for multiple days.
Years earlier, Japanese authorities also investigated a large-scale ATM fraud scheme connected to 7-Eleven cash machines. In 2016, criminals used stolen South African banking data to withdraw millions of dollars from thousands of 7-Eleven ATMs across Japan within hours. Investigators later linked the operation to an international cybercrime network.
Cybersecurity experts continue warning that retail companies remain major targets because they store large amounts of customer, franchisee, and payment information across multiple digital systems. For companies operating massive global networks like 7-Eleven, a single breach can quickly become an international problem.
