The threat group ShinyHunters executed a "pay or leak" extortion campaign against 7-Eleven, exfiltrating a 9.4GB database from franchisee systems after the company refused payment. The breach, observed in April 2026 and added to HIBP in May, exposed PII from approximately 185,300 accounts. The leaked data was limited to administrative records within specific franchisee infrastructure environments, as confirmed by the company's statement.
The April 7-Eleven "pay or leak" extortion campaign orchestrated by the threat group ShinyHunters resulted in the theft and leak of internal data online later that month. The incident was formally added to the breach notification service Have I Been Pwned (HIBP) on May 24, 2026, which said 185,300 accounts were impacted. The 7-Elevendata breach, which was observed on April 8, 2026, exposed a substantial volume of identifiable information (PII). HIBP said the compromisedrecords included185,300 unique accounts and their: Additionally, a small number of the leaked records contained additional exposed data fields. TheShinyHuntersgroup leveraged the exfiltrated database to demand payment, threatening to publish it. Thedata wasultimately released to the public in April 2026 after the extortion attempt. Following the data exposure, 7-Elevenstated thatthe breach was strictly limited to certain 7-Eleven systems used to store franchisee documents, which is consistent with the nature of the exposed data present in the published database, according to HIBP. The compromised information directly corresponds to the administrative records maintained within these specific franchisee infrastructure environments, confirming the limited scope of the compromised systems as outlined by the company. Last week, reports announced that aNYC Health + Hospitals data breachexposed sensitive biometrics of 1.8 million individuals. This month, the threat actor claimed aWoflow data breachexposing almost 448,000 accounts and announced it had stolenalmost 120,000 Vimeo accounts. In early March, ShinyHunters claimed to have compromised data fromSnowflake, Okta, Sony, AMD, Lastpass, and Salesforcevia a massive Salesforce Breach. Get expert insights on threats, breaches, scams, and security trends — delivered every Monday. Get expert insights on threats, breaches, scams, and security trends — delivered every Monday. Get expert insights on threats, breaches, scams, and security trends — delivered every Monday. Please enter a valid email address. TechNadu keeps you informed with the latest in cybersecurity, VPNs, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world. © 2026 TechNadu. All Rights Reserved. TechNadu is a part ofLeaprove Media LLP. This website uses cookies to ensure you get the best experience on our website.