The ShinyHunters hacker group successfully breached 7-Eleven's systems used for storing franchisee documents, stealing more than 600,000 Salesforce records that included personal and corporate information. The breach was detected on April 8, 2026, and involved data provided during franchise applications. The attackers issued a ransom demand and subsequently offered the data for sale. The root cause of the breach was linked to phishing attacks, abuse of third-party integrations, or misconfigurations rather than any inherent vulnerability in Salesforce software. This incident is part of a broader campaign by ShinyHunters targeting Salesforce instances of major organizations since mid-2025.

The breach resulted in unauthorized disclosure of over 600,000 Salesforce records containing personal and corporate data related to 7-Eleven franchisees. While the total number of affected individuals is not disclosed, only two residents of Maine were confirmed impacted, suggesting limited personal information exposure. The stolen data's compromise could lead to privacy violations and potential misuse of corporate information. No direct evidence of exploitation or further attacks stemming from this breach has been reported.

No official patch or fix is applicable as the breach resulted from phishing, third-party integration abuse, or misconfigurations rather than a software vulnerability. Organizations should review and strengthen their security controls around third-party integrations and phishing defenses. 7-Eleven has issued security incident notices and is managing the response. Monitoring for unauthorized access and reviewing franchisee data handling practices are recommended. Patch status is not applicable; remediation focuses on improving operational security and access controls.