Convenience store chain giant 7-Eleven confirmed that its systems were breached in a cyberattack claimed by the ShinyHunters extortion group last month.

Founded in 1927, 7-Eleven now operates, franchises, and licenses over 86,000 stores globally, including 13,000 stores in the U.S. and Canada, while its 7Rewards and Speedy Rewards loyalty programs have more than 100 million members.

In addition to 7-Eleven stores, the retail giant also operates and franchises Speedway, Stripes, Laredo Taco Company, and Raise the Roost Chicken and Biscuits locations worldwide.

As detailed in data breach notifications sent to affected individuals on May 1 and filed in multiple U.S. states on Friday, the company discovered in early April that attackers gained access to some 7-Eleven systems and the personal information of an undisclosed number of individuals.

"We recently discovered that on April 8, 2026, an unauthorized third party gained access to certain 7-Eleven systems used to store franchisee documents," 7-Eleven said.

"We take the security of your personal information very seriously and immediately launched an investigation in order to assess the affected documents and bring this to your attention. We also wanted to apologize for any inconvenience this may cause you."

However, while 7-Eleven didn't share further information on the incident or the number of people affected by the resulting data breach, the ShinyHunters cybercrime gang claimed responsibility for the attack on April 17.

The extortion gang says they've allegedly stolen over 600,000 records containing corporate data and personally identifiable information after breaching the company's Salesforce environment.

​Less than a week after claiming the breach, ShinyHunters leaked a 9.4GB archive of documents on their dark web leak site after the company refused to pay a ransom to have the stolen data returned and destroyed.

"The company failed to reach an agreement with us despite our incredible patience, all the chances and offers we made," the cybercriminals said.

A 7-Eleven spokesperson was not immediately available for comment when BleepingComputer reached out to confirm ShinyHunters' claims and share additional details about the breach, including which categories of data were exposed and the number of affected individuals.

In August 2022, 7-Eleven Denmark also confirmed it was the victim of a ransomware attack that encrypted some of its systems and forced it to shut down 175 stores. 

ShinyHunters has been targeting Salesforce customers for the past year, breaching hundreds of companies and claiming they've stolen billions of records in the Salesloft Drift campaign and the more recent Salesforce Aura data theft attacks.

Last week, edtech giant Instructure announced that it reached an "agreement" with the extortion group to ensure that the data stolen in a recent breach would not be leaked online.

Other breaches recently claimed by ShinyHunters include the European Commission, video service Vimeo, edtech giant McGraw-Hill, medical device maker Medtronic, Spanish fast-fashion retailer Zara, PornHub, Rockstar Games, online dating giant Match Group, home security giant ADT, and tech giants Google and Cisco.

The Federal Bureau of Investigation (FBI) advised ShinyHunters' victims on Friday not to give in to the threat actors' demands, and it previously warned that paying a ransom does not guarantee that they will not attempt to extort the victims again or sell the stolen data to other cybercriminals.