ShinyHunters Exfiltrates 600K+ Salesforce & Franchisee Records from 7‑Eleven
What Happened — ShinyHunters announced that it stole more than 600,000 records from 7‑Eleven’s Salesforce environment and a repository of franchisee documents. The breach was discovered after an unauthorized party accessed the systems on April 8 2026, and the group threatened to publish the data unless a ransom was paid.
Why It Matters for TPRM —
- Exposure of personal and corporate PII from franchise applicants creates downstream liability for both the franchisor and its franchisees.
- Compromise of a SaaS CRM platform highlights the risk of third‑party cloud services that store critical business data.
- The incident underscores the need for continuous monitoring of vendor security postures and breach‑notification processes.
Who Is Affected — Retail & convenience‑store operators, franchise networks, and any third‑party services integrated with 7‑Eleven’s Salesforce instance.
Recommended Actions — Review 7‑Eleven’s Salesforce security controls, validate encryption and access‑management policies, audit franchisee data‑handling agreements, and monitor for credential reuse or phishing attempts targeting related accounts.
Technical Notes — Attack vector appears to be a compromise of Salesforce credentials or a mis‑configuration in the tenant that allowed bulk export of records. Exfiltrated data includes PII (names, contact details) and corporate information from franchise applications. Source: Security Affairs