May 26
/
Latest News
7‑Eleven Confirms Data Breach Affecting 185,000 as ShinyHunters Claims Attack
Data belonging to roughly 185,000 people was exposed in a cyberattack on convenience store giant 7‑Eleven, according to breach‑tracking service Have I Been Pwned.
The compromised information includes names, email addresses, physical addresses, dates of birth, and phone numbers, with a smaller subset of records containing additional personal details. 7‑Eleven, which operates more than 86,000 stores across 19 countries, discovered on April 8, 2026, that an unauthorized third party had accessed certain company systems. In a May 1 notice, Chief Information Security Officer Jim Kastle confirmed that the affected documents contained information submitted during the franchise application process.
Kastle said the company immediately launched an investigation and apologized to those impacted, adding that affected individuals are being offered 24 months of free identity theft protection and CyberScan monitoring through IDX.
While 7‑Eleven did not publicly identify the threat actor, the extortion group ShinyHunters claimed responsibility on April 17. The gang alleged it had stolen more than 600,000 records and later published a 9.4‑gigabyte archive after what it described as failed ransom negotiations.
ShinyHunters has been linked to a string of high‑profile breaches this year, including incidents involving ADT, the European Commission, Aura, Rockstar Games, and Udemy. In early May, Instructure—the company behind the Canvas learning platform—reached an agreement with the group to prevent stolen data from being leaked.
The FBI has since warned organizations and individuals not to comply with ShinyHunters’ extortion demands, noting that paying ransom does not guarantee deletion of stolen data or prevent future attempts at coercion.
The compromised information includes names, email addresses, physical addresses, dates of birth, and phone numbers, with a smaller subset of records containing additional personal details. 7‑Eleven, which operates more than 86,000 stores across 19 countries, discovered on April 8, 2026, that an unauthorized third party had accessed certain company systems. In a May 1 notice, Chief Information Security Officer Jim Kastle confirmed that the affected documents contained information submitted during the franchise application process.
Kastle said the company immediately launched an investigation and apologized to those impacted, adding that affected individuals are being offered 24 months of free identity theft protection and CyberScan monitoring through IDX.
While 7‑Eleven did not publicly identify the threat actor, the extortion group ShinyHunters claimed responsibility on April 17. The gang alleged it had stolen more than 600,000 records and later published a 9.4‑gigabyte archive after what it described as failed ransom negotiations.
ShinyHunters has been linked to a string of high‑profile breaches this year, including incidents involving ADT, the European Commission, Aura, Rockstar Games, and Udemy. In early May, Instructure—the company behind the Canvas learning platform—reached an agreement with the group to prevent stolen data from being leaked.
The FBI has since warned organizations and individuals not to comply with ShinyHunters’ extortion demands, noting that paying ransom does not guarantee deletion of stolen data or prevent future attempts at coercion.
Executive IT Forums, Inc.
Educational Programs on Information Technology, Governance, Risk Management, & Compliance (GRC).
Our Newsletter
Get regular updates on CPE programs, news, and more.
Thank you!
Copyright © 2026 Executive IT Forums, Inc. All Rights Reserved.
Get started
Let us introduce our school
Write your awesome label here.