7-Eleven Confirms Data Breach After ShinyHunters Ransom Demand

Key points

• 7-Eleven confirmed a cyberattack claimed by the ShinyHunters extortion group.
• Over 600,000 records were allegedly stolen from a Salesforce environment.
• The breach exposed personal information of approximately 185,000 people, including names, dates of birth, email addresses, phone numbers, and physical addresses.

This analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.

Affected organization

7 Eleven

Sector: Retail Trade

Likely country: 🇺🇸 United States

inferred from source domains

Estimated

Threat source

Hacking activity

Watch internet-facing systems, credential abuse and exploit activity.

• Source type: outside the affected organization

Business impact

Potential data exposure

Impact area: Confidentiality

Likely asset: User or customer data

Trend context

61 signals with similar action pattern

• 2 signals in the same sector
• 80 signals with the same likely impact area
• 1 signal linked to this organization/domain

Mentioned entities

7 ElevenData DisclosureShinyHunters Ransom Demand ConvenienceElevenShinyHuntersSalesforceOver

External sources

• Your Breaches of the Week! May 18 to May 24, 2026 - YouTubehttps://www.youtube.com/watch?v=rWEgY8KMCT0Public source from youtube.com.
• 7-Eleven data breach exposes personal information of 185,000 people - Bleeping Computerhttps://www.bleepingcomputer.com/news/security/7-eleven-data-breach-exposes-personal-information-of-185-000-people/Public source from bleepingcomputer.com.
• Personal information of 185000 people exposed after cyberattack on 7-Eleven - Help Net Securityhttps://www.helpnetsecurity.com/2026/05/26/7-eleven-data-breach-shinyhunters/Public source from helpnetsecurity.com.
• 7-Eleven confirms breach after ShinyHunters claims - Recorded Future Newshttps://therecord.media/7-eleven-reports-data-breach-shinyhuntersPublic source from therecord.media.
• This Week's Cybersecurity News: May 22nd, 2026 - Applied Techhttps://www.appliedtech.us/resource-hub/this-week-in-cybersecurity-may22-2026/Public source from appliedtech.us.
• Biggest Cyber Attacks, Data Breaches, Ransomware Attacks of May 2026https://www.cm-alliance.com/cybersecurity-blog/biggest-cyber-attacks-data-breaches-ransomware-attacks-of-may-2026Public source from cm-alliance.com.
• 7-Eleven confirms data breach claimed by the ShinyHunters gang - Bleeping Computerhttps://www.bleepingcomputer.com/news/security/7-eleven-confirms-data-breach-claimed-by-the-shinyhunters-gang/Public source from bleepingcomputer.com.
• 7-Eleven Data Breach Confirmed After ShinyHunters Ransom Demand - SecurityWeekhttps://www.securityweek.com/7-eleven-data-breach-confirmed-after-shinyhunters-ransom-demand/Public source from securityweek.com.

Related signals

Grouped by why the signal is relevant.

Hackerone·Jun 24, 2026

Same action patternSame impact area

HackerOne Affected by Klue Supply Chain Attack

Cybersecurity firm HackerOne was among the organizations impacted by the Klue supply chain attack, which involved unauthorized access to customer data within Salesforce environments. The attack leveraged compromised OAuth tokens from the Klue platform.

Snyk·Jun 24, 2026

Same action patternSame impact area

Snyk Affected by Klue Supply Chain Data Breach

Developer security platform Snyk was impacted by the Klue supply chain attack, which led to unauthorized access to customer data within Salesforce environments. The attack leveraged compromised OAuth tokens from the Klue platform.

Sproutsocial·Jun 24, 2026

Same action patternSame impact area

Sprout Social Data Compromised in Klue Supply Chain Attack

Sprout Social, a social media management platform, was among the companies affected by the Klue supply chain attack. The incident led to unauthorized access to customer data within Salesforce environments, due to compromised OAuth tokens from the Klue platform. The Icarus extortion group claimed responsibility for the attack.

Jamf·Jun 24, 2026

Same action patternSame impact area

Jamf Customer Data Exposed in Klue Supply Chain Attack

Jamf, a provider of Apple device management solutions, was impacted by the Klue supply chain attack. The incident involved unauthorized access to customer data stored in Salesforce instances, stemming from compromised OAuth tokens from the Klue platform. The Icarus extortion group claimed responsibility for the attack.

Insurity·Jun 24, 2026

Same action patternSame impact area

Insurity Customer Data Exposed in Klue Supply Chain Attack

Insurity, a leading provider of cloud-based software for insurance carriers, was impacted by the Klue supply chain attack. The incident involved unauthorized access to customer data within Salesforce environments, due to compromised OAuth tokens from the Klue platform.

Gong·Jun 24, 2026

Same action patternSame impact area

Gong Customer Data Exposed in Klue Supply Chain Attack

Gong, a revenue intelligence platform, was among the organizations impacted by the Klue supply chain attack. The incident involved unauthorized access to customer data within Salesforce environments, due to compromised OAuth tokens from the Klue platform. The Icarus extortion group claimed responsibility for the attack.