• Home
  • cyber
  • Wynn Resorts and 7-Eleven: 7-Eleven Data Breach Confirmed After ShinyHunters Ransom Demand
cyber Breach

Wynn Resorts and 7-Eleven: 7-Eleven Data Breach Confirmed After ShinyHunters Ransom Demand

Apr 8, 2026 2 min read
Wynn Resorts and 7-Eleven: 7-Eleven Data Breach Confirmed After ShinyHunters Ransom Demand

7-Eleven Confirms Data Breach After ShinyHunters Claims Theft of 600K Records

7-Eleven, the world’s largest convenience store chain, has confirmed a data breach following claims by the ShinyHunters hacker group that it stole over 600,000 Salesforce records containing personal and corporate data. The intrusion was detected on April 8, targeting systems used to store franchisee documents.

In a notification filed with the Maine Attorney General’s Office, 7-Eleven acknowledged that unspecified personal information provided during franchise applications was compromised. While the company did not disclose the total number of affected individuals, it reported that only two Maine residents were impacted, suggesting a potentially limited scope of exposure.

ShinyHunters publicly listed 7-Eleven on its leak site on April 17, demanding a ransom by April 21 before later offering the stolen data for sale at $250,000 on a hacker forum. The group has been actively targeting Salesforce instances of major organizations since mid-2025, exploiting phishing attacks, third-party integrations, or misconfigurations rather than vulnerabilities in Salesforce’s core systems.

This breach follows a pattern of recent ShinyHunters attacks, including incidents at Instructure, Vimeo, Wynn Resorts, Vercel, and Medtronic. The group’s tactics highlight ongoing risks to enterprises relying on cloud-based platforms for sensitive data storage.

Source: https://www.securityweek.com/7-eleven-data-breach-confirmed-after-shinyhunters-ransom-demand/

Wynn Resorts cybersecurity rating report: https://www.rankiteo.com/company/wynnresorts

7-Eleven cybersecurity rating report: https://www.rankiteo.com/company/7-eleven

"id": "WYN7-E1779114946",
"linkid": "wynnresorts, 7-eleven",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'At least 600,000 records (2 '
                                              'Maine residents confirmed)',
                        'industry': 'Retail (Convenience Stores)',
                        'location': 'Global (headquartered in Japan)',
                        'name': '7-Eleven',
                        'size': 'Large (world’s largest convenience store '
                                'chain)',
                        'type': 'Corporation'}],
 'attack_vector': 'Phishing attacks, third-party integrations, or '
                  'misconfigurations',
 'customer_advisories': 'Notification to affected individuals (Maine '
                        'residents)',
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '600,000+',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (personally identifiable '
                                        'information)',
                 'type_of_data_compromised': 'Personal and corporate data '
                                             '(franchise application '
                                             'information)'},
 'date_detected': '2025-04-08',
 'date_publicly_disclosed': '2025-04-17',
 'description': '7-Eleven confirmed a data breach after the ShinyHunters '
                'hacker group claimed to have stolen over 600,000 Salesforce '
                'records containing personal and corporate data. The breach '
                'targeted systems used to store franchisee documents.',
 'impact': {'data_compromised': 'Personal and corporate data from franchise '
                                'applications',
            'identity_theft_risk': 'High (personal information exposed)',
            'systems_affected': 'Salesforce instances storing franchisee '
                                'documents'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Offered for sale at '
                                                    '$250,000',
                           'entry_point': 'Salesforce instances (phishing, '
                                          'third-party integrations, or '
                                          'misconfigurations)',
                           'high_value_targets': 'Franchisee documents'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain (ransom and data sale)',
 'post_incident_analysis': {'root_causes': 'Exploitation of misconfigured '
                                           'Salesforce instances'},
 'ransomware': {'data_exfiltration': 'Yes',
                'ransom_demanded': 'Ransom demanded by April 21, 2025; later '
                                   'offered for sale at $250,000'},
 'references': [{'source': 'Maine Attorney General’s Office'},
                {'source': 'ShinyHunters leak site'}],
 'regulatory_compliance': {'regulatory_notifications': 'Filed with Maine '
                                                       'Attorney General’s '
                                                       'Office'},
 'response': {'communication_strategy': 'Notification filed with Maine '
                                        'Attorney General’s Office'},
 'threat_actor': 'ShinyHunters',
 'title': '7-Eleven Data Breach by ShinyHunters',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Misconfigured Salesforce instances'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.