7-Eleven Data Breach Exposes Social Security Numbers and Driver’s Licenses

Retail data breach illustration
Breach Discovery: 17th April 2026Breach Notification: 1st May 2026

What Happened in the 7-Eleven Data Breach?

7-Eleven recently confirmed a data breach involving unauthorized access to company systems. The systems in question stored franchisee documents rather than general customer records. As a result, the 7-Eleven data breach mainly affects people who applied to become franchise owners, not everyday shoppers.

According to the company’s disclosures, an unauthorized third party gained access to certain 7-Eleven systems that held franchise application materials. On April 17, 2026, a threat actor known as ShinyHunters posted a claim on the Tor network. The group claimed to have obtained more than 600,000 Salesforce records containing personal information and other internal corporate data.

After learning of the claim, 7-Eleven took steps to investigate the scope of the intrusion. The company then confirmed which categories of information had actually been exposed. Because of this review, 7-Eleven began sending written notification letters to affected individuals starting May 1, 2026.

In addition to notifying individuals, 7-Eleven reported the incident to state regulators. The company disclosed the breach to both the Maine Attorney General and the Massachusetts Attorney General. These filings give the public additional confirmation that personal data was compromised in this incident.

Who was affected?

The 7-Eleven data breach appears to affect people who submitted personal information as part of a franchise application. This means the exposure is different from a typical retail breach involving point-of-sale customers. Instead, the people at risk are prospective business owners who trusted 7-Eleven with sensitive application materials.

7-Eleven has not publicly disclosed the exact number of individuals affected by name in its consumer-facing statements. However, the threat actor’s claim of over 600,000 Salesforce records suggests a potentially large pool of exposed data. Because franchise applications often span many years and locations, the affected population could include people across multiple states.

It also remains unclear whether the affected individuals are limited to recent applicants or include older application records. For that reason, anyone who has ever applied for a 7-Eleven franchise should treat this breach as potentially relevant to them. Regardless of when the application was submitted, the safest approach is to assume your data could be included until you receive official confirmation otherwise.

What Information Was Potentially Exposed?

Based on the company’s notifications, several categories of sensitive personal information were confirmed as exposed. This data was originally submitted during the franchise application process. Because the information includes government-issued identifiers, the exposure carries real identity theft risk.

  • Full names
  • Driver’s license numbers
  • Social Security numbers
  • Home addresses

This combination of data is particularly concerning because it includes both a government ID number and a Social Security number. Criminals can use this pairing to open new financial accounts, apply for loans, or file fraudulent tax returns. Because addresses were also exposed, scammers may use that information to make phishing attempts appear more convincing.

In addition, exposed driver’s license numbers can be used to create fake identification documents. This puts victims at risk of someone impersonating them for government services or financial transactions. As a result, affected individuals should treat this breach as a serious threat to their financial and personal identity, not simply an inconvenience.

What is the company doing?

In response to the breach, 7-Eleven says it is offering affected individuals identity theft protection services. This includes CyberScan monitoring at no cost for up to 24 months. To enroll, individuals can call the company’s dedicated phone line or visit the IDX enrollment page using the unique code from their notification letter.

7-Eleven has set an enrollment deadline of Aug. 1, 2026, for individuals who want to take advantage of this protection. IDX representatives are available Monday through Friday, from 9 a.m. to 9 p.m. Eastern Time, to help with enrollment. For further questions about the incident itself, 7-Eleven has also provided a dedicated email address for affected individuals to contact the company directly.

What Should Affected Individuals Do?

Monitor Your Credit Reports Closely

Because Social Security numbers were exposed, affected individuals should request free credit reports from AnnualCreditReport.com. Reviewing these reports regularly can help you spot unfamiliar accounts or credit inquiries early. This is one of the most reliable ways to catch identity theft before it causes lasting financial damage.

In addition to checking your credit report, review your bank and credit card statements often. Look for any transactions you do not recognize, even small ones, since fraudsters sometimes test accounts with tiny charges first. If you spot anything suspicious, report it to your financial institution immediately.

Consider a Fraud Alert or Credit Freeze

Given that Social Security numbers and driver’s license numbers were both exposed, placing a fraud alert or credit freeze is a smart precaution. You can contact Equifax, Experian or TransUnion to request either protection. A credit freeze restricts access to your credit file, which makes it much harder for criminals to open new accounts in your name.

While a fraud alert is generally easier to set up, a credit freeze offers stronger protection for this type of exposure. Because your driver’s license number was also compromised, criminals may attempt to use it alongside your SSN to impersonate you. As a result, taking both steps together provides more complete coverage against identity theft.

Watch for Phishing and Suspicious Mail

Scammers frequently use data breach news to craft convincing phishing messages. Because your address was exposed in this incident, be alert to unexpected mail referencing 7-Eleven or claiming to offer breach-related assistance. Never click links or share personal details in response to unsolicited messages, even if they appear official.

Similarly, be cautious of phone calls or emails asking you to


More Information

Official data breach notification from Washington State Attorney General

Official Notice from 7 Eleven

Official Notice from Maine

Official Notice from Mass

Official Notice from Idx

Official Notice from Annualcreditreport

Official Notice from Equifax

Official Notice from Experian

Official Notice from Transunion

Official Notice from Identitytheft

Related Data Breaches