272/69 Wednesday, May 20, 2026
7-Eleven (United States) has confirmed a cybersecurity incident after the cybercriminal group ShinyHunters claimed it had accessed and stolen more than 600,000 records from the company’s Salesforce systems. The allegedly stolen data reportedly includes personally identifiable information (PII) and internal corporate information. The attackers stated on their Tor-based data leak site that the company failed to reach an agreement regarding ransom demands and threatened to release the stolen data publicly if payment was not made by April 21, 2026.
7-Eleven U.S. disclosed that on April 8, 2026, the company detected unauthorized access to a system used to store franchise applicant documents. The company immediately launched an investigation after discovering the incident. According to the company, the potentially affected information includes data submitted during the franchise application process and may involve certain personal and business-related information. 7-Eleven has already begun notifying individuals who may have been impacted; however, the total number of affected individuals has not yet been officially disclosed.
ShinyHunters remains one of the most active cybercriminal groups in recent years and has previously claimed responsibility for attacks against numerous large organizations. Reports also indicate that the group has continuously targeted Salesforce environments of major enterprises since mid-2025 in order to steal large volumes of data for extortion or eventual public disclosure.