All About Cookies is an independent, advertising-supported website. Some of the offers that appear on this site are from third-party advertisers from which All About Cookies receives compensation. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear).
All About Cookies does not include all financial or credit offers that might be available to consumers nor do we include all companies or all available products. Information is accurate as of the publishing date and has not been provided or endorsed by the advertiser.
The All About Cookies editorial team strives to provide accurate, in-depth information and reviews to help you, our reader, make online privacy decisions with confidence. Here's what you can expect from us:
You handed over your Social Security number, driver's license, and home address to pursue a business opportunity with 7-Eleven. Now, that information may be in the hands of cybercriminals.[1]
The convenience store giant has confirmed a data breach affecting more than 185,000 franchise applicants after hackers linked to the ShinyHunters extortion group stole and published sensitive application records.
Exposed information includes Social Security numbers, driver's license details, dates of birth, and contact information.[2]
7-Eleven is offering 24 months of free identity monitoring, but the enrollment deadline is August 1, 2026. Here's what happened, what it means, and what steps to take.
According to notices filed with state attorneys general and reporting from TechCrunch and BleepingComputer, 7-Eleven discovered unauthorized access to systems that store franchise application documents on April 8.
The company later determined that the exposed files contained information submitted by franchise applicants, including names, home addresses, phone numbers, email addresses, dates of birth, Social Security numbers, and driver's license information. More than 185,000 people have been notified.
But this recent ShinyHunters data breach is part of a broader campaign.
ShinyHunters has been systematically targeting organizations' Salesforce systems since late 2025, exploiting misconfigured guest user permissions to steal records at scale. The group demanded a $250,000 ransom. When 7-Eleven declined to pay, ShinyHunters published a 9.4GB archive of stolen files online on May 24.
Unlike many retail breaches that expose login credentials or payment information, franchise application data contains enough information to verify someone's identity across financial institutions, government agencies, and credit providers.
A Social Security number, government-issued ID, and home address can be used to open fraudulent accounts, apply for loans, file false tax returns, or create synthetic identities. Fraud isn't always immediate. Victims frequently don't discover misuse until months later, when damage is already done.
The long-term nature of the risk is another concern. While passwords can be changed and credit cards replaced, Social Security numbers are one-and-done.
The 7-Eleven data breach follows the same extortion model as the Krispy Kreme ransomware attack. Professional criminal groups specifically target business application data, not opportunistic hackers.
And the risk isn't theoretical. According to an identity theft survey by All About Cookies, data breaches are the leading cause of identity theft. Nearly two in five identity theft victims (38%) said a data breach was how criminals accessed their information in the first place. And the financial toll is real: identity theft victims spend an average of $3,312.66 resolving fraud, and restoring credit records can take months.
ID theft protection that monitors your SSN, bank accounts, credit cards, and brokerage and retirement accounts for suspicious activity
Every plan includes the full feature set, so no additional cost to unlock monitoring, insurance, or restoration
Bundles data removal with identity theft protection, antivirus, VPN, and a password manager in one subscription
If you applied for a 7-Eleven franchise at any point, take these steps now.
1. Check if you're affected. Go to Have I Been Pwned and enter the email address you used in your franchise application. The breach has been indexed there. You may also receive a mailed notification letter directly from 7-Eleven.
2. Enroll in free IDX monitoring. 7-Eleven is offering 24 months of free identity monitoring through IDX. Use the enrollment code in your notification letter or call 1-833-788-9712 (Mon–Fri, 9 am–9 pm ET).
3. Place a credit freeze at all three bureaus. Contact Equifax, Experian, and TransUnion individually to freeze your credit. It's free, takes a few minutes, and prevents anyone from opening new accounts in your name until you lift it.
4. Monitor for tax and financial fraud. SSN exposure creates risk beyond credit accounts. Watch for IRS notices about duplicate filings, unfamiliar tax documents, or new accounts you didn't open. Consider placing a fraud alert with the IRS as well.
5. Sign up for identity theft protection. A dedicated identity theft protection service provides ongoing dark web monitoring, real-time alerts, and identity restoration support if fraud does occur.
Learn more about identity theft prevention.
6. Use a data removal service. An automated data removal service submits opt-out requests to data broker databases on your behalf, reducing how many places your personal information is available to begin with.
Learn more about data broker removal or get started with a free exposure scan.
185,000 people's SSNs are now in criminal hands. That doesn't change. Your SSN doesn't expire, and neither does this risk. 7-Eleven is offering 24 months of free identity monitoring — more than most breach victims ever receive — but enrollment closes August 1.
Freeze your credit, enroll before the deadline, and stay alert for signs of fraud.
ID theft protection that monitors your SSN, bank accounts, credit cards, and brokerage and retirement accounts for suspicious activity
Every plan includes the full feature set, so no additional cost to unlock monitoring, insurance, or restoration
Bundles data removal with identity theft protection, antivirus, VPN, and a password manager in one subscription
/images/2023/10/12/best_identity_theft_protection_with_dark_web_monitoring.jpg)
/images/2023/12/05/aura-vs.-lifelock.png)
/images/2026/05/30/7-11_or_seven_eleven_24_hours_convenience_store_franchise_logo_at_fron_unA3lb5.jpg){kind=logo}
/images/2026/05/27/pearland_texas_usa_-_february_19_2022_closeup_of_krispy_kreme_restaura_1ebMGCm.jpg)
/images/2025/10/01/is_aura_worth_it.jpg)
/images/2025/08/16/is_norton_lifelock_worth_it.jpg)
/images/2025/02/20/doge-data-survey.jpg)
/images/2024/10/30/identity_theft_protection_prices_omniwatch.jpg)
/authors/thomas-kent-headshot-cropped.png){kind=small}
/authors/kate-quinlan-new.jpg){kind=small}
/images/2023/05/25/logo-aura.png){kind=logo}
