7-Eleven confirms cyber attack following ShinyHunters claims

According to the document, the threat actor accessed company systems used to store franchisee documents.

“Through our investigation, we have determined that documents involved in the incident included the information you provided to us during your franchise application,” the company added, saying that data impacted included names, addresses and more.

“We initiated an investigation with a leading forensics firm as soon as we learned of these issues to assess and remediate the incident.”

While 7-Eleven did not mention the number of people impacted or identify the threat actor, infamous group ShinyHunters claimed the incident and has leaked allegedly stolen files online.

“Over 600k Salesforce records containing PII and other internal corporate data have been compromised,” the group said, adding that 7-Eleven had until 21 April to negotiate before it would reveal the data. In the end, it leaked an archive containing 9.4 gigabytes of data.

“The company failed to reach an agreement with us despite our incredible patience, all the chances and offers we made. They don’t care,” ShinyHunters said.

VIEW ALL

7-Eleven said it was sorry for any inconvenience caused by the incident.

Who is ShinyHunters?

ShinyHunters is a prolific hacking group responsible for a raft of third-party compromises, most commonly linked to several campaigns targeting Salesforce instances.

It was previously linked to a hacking group called Scattered Lapsus$ Hunters, which formed in August 2025 and was responsible for several Salesforce compromises. ShinyHunters itself dates back to 2019.

The group is known for its technical and social engineering skills.

Previous victims include Qantas, Jaguar Land Rover, PornHub, and SoundCloud.