ShinyHunters Leaks 9.4GB Database of 7-Eleven Franchisee Systems After Extortion Refusal

In April 2026, the threat actor group ShinyHunters breached 7-Eleven’s franchisee document management and onboarding systems, exfiltrating 9.4GB of unencrypted data after the company refused ransom demands. The compromised dataset includes personal identifiable information (PII) such as full names, contact details, Social Security Numbers, and state-issued IDs, along with corporate administrative records. The attack occurred via credential harvesting and API exploitation in third-party identity management systems, with the data later verified and integrated into Have I Been Pwned on May 24, 2026.