Convenience store giant 7-Eleven is notifying more than 185,000 people that their personal data was exposed in a cyberattack, which may have involved a third-party recruitment or franchise management system.
The company said it discovered the breach earlier last month after an “unauthorized third party” accessed the system that was used to store franchisee documents.
According to state attorney filings and new data from the data breach checker Have I Been Pwned, the compromised records include names, dates of birth, addresses, phone numbers, and email addresses belonging to more than 185,000 individuals.
A filing with Massachusetts’ attorney general stated that the breach also exposed Social Security and driver’s license numbers.
While the convenience store giant has not identified the third-party platform at the heart of the attack, the nature of the records suggests the breach may have come from an HR and recruitment or franchise management vendor.
Check if your data has been leaked
According to a filing with Maine’s attorney general, 7-Eleven's chief information security officer, Jim Kastle, said hackers accessed an internal server containing franchisee documents.
Criminal ransomware vendor ShinyHunter has claimed responsibility for the attack and threatened to publish the stolen data unless a ransom is paid.
7-Eleven said it has since “remediated the incident” and launched an investigation, and is offering affected individuals 2 years of free credit monitoring and identity protection services.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked