Convenience store giant 7-Eleven is notifying more than 185,000 individuals that their personal information was exposed in a cybersecurity incident linked to the ShinyHunters extortion group.
The company disclosed the breach in filings with multiple US state attorneys general, stating that attackers gained unauthorized access to systems belonging to a third-party vendor used for recruitment and hiring operations.
According to the notification, the breach exposed sensitive applicant data, including names and other personal information submitted during the hiring process. The exact data types impacted vary by individual, but some notifications reportedly included Social Security numbers, driver’s license information, and government-issued identification details.
7-Eleven said the intrusion occurred in March 2026 but was discovered weeks later during an investigation into suspicious activity affecting the vendor’s systems. The company has not publicly identified the third-party provider involved in the incident.
The breach has been linked to ShinyHunters, a cybercrime group known for large-scale data theft and extortion campaigns targeting enterprise cloud services and SaaS platforms. This incident also appears consistent with the broader “Salesforce Aura” campaign previously claimed by ShinyHunters, which the group said affected hundreds of organizations through compromised cloud and SaaS environments.
ShinyHunters previously claimed responsibility for the cyberattack on its leak site, where the group alleged it stole data tied to hundreds of thousands of job applicants after breaching 7-Eleven's Salesforce environment.
7-Eleven operates one of the world’s largest convenience store chains, with thousands of locations across North America and internationally. The company said there is currently no evidence that customer payment systems or retail store operations were affected by the incident.
Affected individuals are being offered complimentary credit monitoring and identity protection services. 7-Eleven also said it has implemented additional security measures and is working with external cybersecurity experts to investigate the incident further.
Leave a Reply