The data breach suffered by convenience store chain giant 7-Eleven in mid-April likely impacts just over 185,000, breach notification website HaveIBeenPwned reports.
The incident, 7-Eleven said in a data breach notice filed with the Maine Attorney General’s Office earlier this month, occurred on April 8 and involved systems containing franchise documents.
7-Eleven said that personal information such as names and addresses was likely stolen in the attack, but did not disclose the number of potentially affected individuals.
In mid-April, the infamous extortion group ShinyHunters listed 7-Eleven on its leak website, claiming to have stolen 600,000 Salesforce records, and demanding a ransom to be paid by April 21. The group later offered the data for sale on a Russian hacking forum.
The allegedly stolen data has since been published online and added to HaveIBeenPwned, which parsed the dataset and analyzed it.
According to the website, the leaked information is consistent with 7-Eleven’s statement on the incident and includes names, addresses, email addresses, and dates of birth.
The incident, HaveIBeenPwned says, appears to affect roughly 185,300 individuals. For a small subset, additional data fields were compromised as well.
Over the past year, ShinyHunters has been targeting the Salesforce instances of major organizations, mainly through phishing, third-party integrations, and misconfigurations.
Following a February alert from Mandiant about escalating ShinyHunters-branded activity, the hacking group claimed responsibility for attacks against Instructure, Vimeo, Wynn Resorts, Vercel, and Medtronic.
Related: Oncology Institute Discloses Data Breach
Related: 266,000 Affected by Data Breach at Radiology Associates of Richmond
Related: DocketWise Data Breach Impacts 143,000
Related: American Lending Center Data Breach Affects 123,000 Individuals
