7-Eleven hit by data breach
https://www.cybersecuritydive.com/news/7-eleven-cyberattack-franchisee-data/820698/
Publish Date: 2026-05-20 11:47:00
Source Domain: www.cybersecuritydive.com
Dive Brief:
- Hackers breached 7-Eleven earlier this spring in an attack that exposed some franchisee information, a company spokesperson confirmed to C-Store Dive on Tuesday.
- The retailer learned on April 8 that an unauthorized third party gained access to certain 7-Eleven systems used to store franchisee documents, Jim Kastle, 7-Eleven’s chief information security officer, said in a letter sent to impacted individuals on May 1. Those documents included personal information provided to 7-Eleven during the franchise application process.
- About 50 people in Massachusetts, Maine and Vermont were impacted by the incident, according to data breach filings presented to those states last week. It’s not clear if other individuals across the country were also affected.
Dive Insight:
7-Eleven’s spokesperson said that the convenience retailer “immediately launched an investigation and began taking steps to contain the incident” upon discovering it. The company has notified law enforcement and retained third-party cybersecurity experts, and hasn’t experienced any disruption to operations, the spokesperson emphasized.
“We identified a limited number of current, former, and prospective Franchisees whose data was involved in this incident, and we are in the process of contacting those affected individuals,” 7-Eleven’s spokesperson said. “We have no reason to believe that customer data was affected.”
In the May 1 letter, Kastle said the franchisee information obtained in the breach included names and addresses, among other elements. The Vermont filing noted that the breach included Social Security numbers, while the Massachusetts site noted Social Security numbers and drivers license data were compromised.
Kastle added that 7-Eleven has arranged for impacted individuals to enroll in identity theft protection services with theft protection agency IDX for up to 24 months.
The breach impacted 47…
