7‑Eleven data breach exposes 185,300 accounts, Have I Been Pwned lists April 2026 incident
7‑Eleven data breach affects 185,300 accounts, exposing names, dates of birth, addresses and contact details, Have I Been Pwned reports. The entry says the breach occurred in April 2026 and was added to the HIBP database on May 24, 2026. (haveibeenpwned.com)
Have I Been Pwned lists 185,300 affected accounts
Have I Been Pwned (HIBP) shows a pwn count of 185.3 thousand accounts tied to the 7‑Eleven incident and lists email addresses, names, physical addresses, dates of birth and phone numbers among the exposed fields. The HIBP entry attributes the incident to an April 2026 “pay or leak” extortion campaign and notes a small number of records contained additional fields. (haveibeenpwned.com)
HIBP added the 7‑Eleven entry on May 24, 2026, signaling that a publicly available data dump has been integrated into breach-monitoring feeds. The listing also includes standard remediation advice such as changing passwords and enabling two‑factor authentication. (haveibeenpwned.com)
7‑Eleven notifies that franchisee document systems were accessed
In notifications filed with state authorities, 7‑Eleven’s chief information security officer said an unauthorized third party accessed systems used to store franchisee documents, and the company learned of the activity on April 8, 2026. The disclosure appears in a sample notice submitted to Maine’s attorney general and was referenced in wider reporting on the breach. (maine.gov)
Company filings and notification letters indicate the compromised repository included documents submitted by franchise applicants and related business records, which helps explain the mix of personal and business identifiers in the exposed files. State breach notices are the primary source for the company’s description of the affected systems. (maine.gov)
Scope of exposed personal and sensitive information
The main dataset published to monitoring services lists routine personally identifiable information — names, email addresses, phone numbers, home addresses and dates of birth — which can enable targeted scams and identity fraud. HIBP’s breach page enumerates those fields and categorizes the incident as a significant data exposure. (haveibeenpwned.com)
Separate state filings indicate some records contained more sensitive identifiers. A Massachusetts data‑breach report filed in mid‑May records that Social Security numbers and driver’s license information were included in at least a subset of affected records, elevating concerns about identity‑theft risk for impacted individuals. (mass.gov)
ShinyHunters claims responsibility and issued extortion demands
Security researchers and media accounts say the criminal group ShinyHunters publicly claimed responsibility and demanded payment in exchange for not publishing the data, characterizing the attack as a “pay or leak” extortion campaign. Reporting on the group’s public postings places the claim and the subsequent publication of files in April 2026. (haveibeenpwned.com)
Some threat‑intelligence posts tied the ShinyHunters listing to broader activity in which the group asserted it took large volumes of Salesforce records from multiple victims, though those claims vary in scale and remain the subject of forensic review by affected organizations and investigators. Reporting emphasizes that actor claims must be weighed against forensic evidence collected by responders. (neuracybintel.com)
State regulators receive notification and logged individual impact
Maine’s attorney general office published a copy of a consumer notification that 7‑Eleven filed, and that filing is part of the public record for the incident’s disclosure to residents of that state. The notification process required by state law provides the primary public account of the company’s timeline and the description of affected systems. (maine.gov)
Massachusetts’ breach reporting tracker also contains a 7‑Eleven entry that lists the incident among breaches reported in 2026 and notes the presence of Social Security numbers for at least some residents. Those filings typically include a date reported to the state and the categorical listing of breached data types. (mass.gov)
Potential risks for affected individuals and recommended steps
Exposed names, addresses and dates of birth combined with contact details create fertile ground for targeted phishing, vishing and identity‑theft attempts, particularly when sensitive government identifiers are also present. Security experts say the most immediate risks are scams that use the leaked information to appear legitimate. (haveibeenpwned.com)
HIBP and regulatory notices recommend that impacted people change passwords on any accounts that shared credentials, enable two‑factor authentication where available, and monitor financial and identity records for unusual activity. Affected individuals can also review the notices filed with state attorneys general to confirm whether particularly sensitive identifiers were included in their records. (haveibeenpwned.com)
7‑Eleven’s breach features — a mix of franchisee documents and consumer identifiers — underscore the broader trend of attackers targeting non‑customer corporate systems where personally identifiable information is stored. Investigation and notification processes remain ongoing, and affected people are advised to follow the remediation guidance in state notices and monitoring services. (haveibeenpwned.com)
