Attack on Franchisee Systems
Convenience store giant 7-Eleven has confirmed that an unauthorized third party gained access to its systems in early April, compromising franchisee documents and personal information. The company disclosed the incident in data breach notifications sent to affected individuals on May 1, following an investigation launched after the initial intrusion on April 8. 7-Eleven, which operates over 86,000 stores globally including brands like Speedway and Stripes, did not specify the number of people impacted or the full scope of data exposed.
The attack gained public attention when the ShinyHunters cybercrime gang claimed responsibility on April 17. The extortion group alleges they stole over 600,000 records containing corporate data and personally identifiable information after breaching 7-Eleven’s Salesforce environment. After the company refused to pay a ransom, ShinyHunters leaked a 9.4GB archive of stolen documents on their dark web leak site less than a week later.
Broader Campaign Against Salesforce Customers
This breach is part of a larger pattern of attacks by ShinyHunters, who have systematically targeted Salesforce customers over the past year. Their campaigns have included breaches at hundreds of companies, including edtech giant Instructure, McGraw-Hill, video service Vimeo, medical device maker Medtronic, and fashion retailer Zara. The group has also claimed attacks against entities like the European Commission, PornHub, Rockstar Games, and Google.
The Federal Bureau of Investigation has advised victims not to pay ransoms, noting that doing so does not guarantee data protection and may lead to further extortion attempts. This incident marks the second time 7-Eleven has faced a significant cyberattack, following a ransomware incident in Denmark in August 2022 that forced 175 store closures.
Source: BleepingComputer
