7-Eleven confirms cyberattack, says 'personal information' may have been hit

News
By published

A new filing confirms what was known for weeks now

A hand about to touch a phone. Superimposed on top of it is a pink triangle with exclamation mark inside it. Behind it is a computer display with code on it
(Image credit: Getty Images)
  • 7‑Eleven confirms cyberattack exposed customer names, addresses, and other sensitive data through its Salesforce environment
  • ShinyHunters claimed responsibility, leaking 9.4GB of stolen records after failed ransom negotiations
  • The company is offering identity theft protection and urging customers to monitor accounts and consider fraud alerts or security freezes

Retail giant 7-Eleven has officially confirmed suffering a cyberattack which saw it lose sensitive data on an undisclosed number of individuals.

In a new filing with the Maine Attorney’s General Office, 7-Eleven said the breach took place on April 8, 2026, and that it was discovered on the same day.

While the entry does not state how many people were affected, it does contain a copy of the data breach notification letter sent out to those who are now at risk.

Latest Videos From

ShinyHunters already leaked the data

In the letter, the company said that the information crooks stole included people’s names, addresses, and “other data elements”. A third-party cybersecurity company was brought in to investigate and tighten up on security, and all affected customers were offered two years of free identity theft protection services and dark web monitoring.

The filing comes weeks after ShinyHunters, the infamous ransomware actors that have breached hundreds of organizations worldwide, claimed responsibility for the attack and even leaked the stolen files on the dark web. As per the listing, ShinyHunters broke in via 7-Eleven’s Salesforce environment:

“Over 600k Salesforce records containing PII and other internal corporate data have been compromised,” the group said, without sharing samples (as is common practice these days).

ShinyHunters gave 7-Eleven until April 21 to reach out and negotiate the deletion of the data in exchange for payment in bitcoin. However, the group ended up leaking an archive of 9.4GB a day after the deadline.

“The company failed to reach an agreement with us despite our incredible patience, all the chances and offers we made. They don't care,” ShinyHunters said that day.

7-Eleven is now urging its customers to “monitor for any potential misuse of personal information” by reviewing their account statements and monitoring free credit reports. The company also suggests users consider putting a fraud alert or a security freeze.

Via Cybernews

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.