7-Eleven data breach compromises personal details of 185,000 individuals
The ShinyHunters group claims responsibility for the incident, which exposes names, addresses, and government-issued IDs, according to listings on Have I Been Pwned and state attorney general offices.
Convenience store chain 7-Eleven has confirmed a significant data breach affecting more than 185,000 individuals, following claims of responsibility from the ShinyHunters hacking group. The incident, initially reported in April, involved unauthorised access to an internal server containing franchisee documents, according to a listing with Maine’s Attorney General’s office.
Jim Kastle, 7-Eleven’s chief information security officer, confirmed the breach in filings cited by the Maine regulator. The attackers gained entry to the server holding these internal records, prompting the convenience retailer to address the security failure as the scope of compromised data became clear.
The hack-and-extortion attack was detailed in a new listing on the data breach notification service Have I Been Pwned, which aggregates caches of breached data to alert affected parties. The service noted that ShinyHunters took credit for the intrusion and indicated an intent to publish the stolen information unless a payment was made.
The compromised dataset includes a range of personal identifiers. Beyond names, dates of birth, physical addresses, phone numbers, and email addresses, a separate listing with the Massachusetts Attorney General’s office confirmed that Social Security numbers and driver’s licenses were also exposed in the breach.
The confirmation from multiple state regulatory bodies and the notification service underscores the severity of the data exposure. The incident highlights the risks associated with internal server security for large retail franchises, particularly when sensitive personal and government-issued identification data is stored alongside operational documents.
