7-Eleven suffered a data breach in April 2026 when the ShinyHunters group conducted an extortion campaign and later published data on approximately 185,000 individuals.
What happened
According to Have I Been Pwned, in April 2026 the ShinyHunters cybercrime group targeted 7-Eleven with a "pay or leak" extortion campaign. After the company did not comply, the stolen data was published that same month. 7-Eleven later stated the breach was limited to certain internal systems used to store franchisee documents.
What was exposed
Reported by Have I Been Pwned, the breach exposed approximately 185,000 unique email addresses along with names, physical addresses, dates of birth, and phone numbers. A small number of records reportedly contained additional data fields beyond those listed.
Who is affected
Around 185,256 individuals are affected, based on the number of unique email addresses in the leaked dataset. Given the company's statement about franchisee document systems, those affected may include franchisees, employees, or business contacts associated with 7-Eleven operations.
What to do now
If you have had dealings with 7-Eleven and may be in the affected dataset, monitor your accounts for phishing attempts or unsolicited contact, as your name, address, date of birth, and phone number were potentially exposed. Consider placing a fraud alert with the major credit bureaus if you are concerned about identity theft. Be cautious of any emails or calls claiming to be from 7-Eleven or related parties.