ShinyHunters Leaks 7-Eleven Franchise-Applicant Data on ~185,000 People After Failed Extortion
Data on approximately 185,000 people was exposed in a cyberattack on convenience-store chain 7-Eleven that was later claimed by the ShinyHunters extortion gang.
VERDICT — CONFIRMED

Data on approximately 185,000 people was exposed in a cyberattack on convenience-store chain 7-Eleven that was later claimed by the ShinyHunters extortion gang. 7-Eleven discovered unauthorized third-party access on April 8, 2026; on May 1, CISO Jim Kastle confirmed the breach involved documents individuals had submitted during the franchise-application process. ShinyHunters publicly claimed responsibility on April 17, alleging it had stolen more than 600,000 records, and later released a 9.4 GB data archive after what it characterized as unsuccessful ransom negotiations.
The exposed records contained email addresses, names, physical addresses, dates of birth and phone numbers, with some records including additional information. 7-Eleven offered affected individuals 24 months of complimentary identity-theft protection and CyberScan monitoring through IDX. The incident is one of several 2026 breaches linked to ShinyHunters, which has also been tied to intrusions at ADT, Rockstar Games, Udemy and others; the FBI has warned organizations against paying extortion demands.
As with other ShinyHunters cases in the window, the actor's claimed record total (600,000+) exceeds the number of distinct individuals (about 185,000) reflected in the company's notification, underscoring the recurring gap between leak-site boasts and confirmed impact.