Overview
- 7‑Eleven discovered on April 8, 2026 that an unauthorized party accessed systems used to store franchisee application documents.
- The ShinyHunters extortion gang claimed responsibility on April 17 and published a roughly 9.4GB archive after ransom talks failed.
- Have I Been Pwned analyzed the published files and found about 185,300 unique records containing names, email addresses, dates of birth, phone numbers, and physical addresses.
- 7‑Eleven has sent breach notices, offered up to 24 months of IDX identity‑protection and CyberScan monitoring to affected people, and has not formally named a responsible threat actor.
- The FBI has urged victims not to pay extortion demands because payment does not guarantee deletion of stolen data, and security experts warn the leak raises the risk of resale, phishing, and identity fraud.