7-Eleven breach exposed Social Security numbers, 185,000 email addresses
7-Eleven said Social Security numbers, names and addresses were exposed. About 185,000 email addresses were also caught up, widening the risk.

A Social Security number paired with a birth date, home address and phone number gives criminals enough to build a convincing identity profile, and 7-Eleven’s breach dumped exactly that kind of data into the open. The exposure goes well beyond email spam: it can fuel phishing, fake account openings, tax fraud and long-tail identity theft that can linger after passwords are changed.
The Maine Attorney General’s breach database says 7-Eleven, Inc., based in Irving, Texas, discovered the incident on April 8, 2026 and that at least two Maine residents were affected. The filing says the company offered 24 months of identity theft protection and CyberScan monitoring through IDX. In a notice to affected people, signed by chief information security officer Jim Kastle, 7-Eleven said an unauthorized third party gained access to systems used to store franchisee documents and said it launched an investigation with a forensics firm. The company also advised recipients to review account statements, monitor free credit reports and consider a fraud alert or security freeze.

Have I Been Pwned tied the incident to a “pay or leak” extortion campaign by ShinyHunters and said roughly 185,000 unique email addresses were exposed, along with names, physical addresses, dates of birth and phone numbers. A smaller set of records also contained additional data fields. That makes the breach especially damaging for people whose data was in the file set, because the stolen details can be combined to answer security questions, bypass weak verification steps and sharpen scam messages that reference real personal information.

The scale matters because 7-Eleven is not a niche operator. Reporting has linked the company to more than 13,000 stores that it operates, franchises or licenses across the United States and Canada, which means the breach lands in the middle of a sprawling retail and franchise network. When sensitive franchise records are exposed, the risk reaches applicants, owners and employees, not just one location or one state.
The larger pattern is familiar. Big consumer brands keep accumulating highly sensitive information, then struggle to contain it when attackers get inside. Disclosure rules can give victims free monitoring and a heads-up, but the public measure of accountability is still whether the same companies keep leaking the same data, and whether the consequences ever rise above a mailed notice and a credit alert.
This article was produced by Prism’s automated news system from verified source data, official records, and press releases, then run through automated quality and moderation checks before publishing. The system is built and supervised by the people who set the standards it runs under.

