[Digital Today AI Reporter] A data leak incident at 7-Eleven was confirmed to have affected the personal information of about 185,000 people.

On May 26 (local time), IT outlet TechCrunch reported that the leaked information included names, dates of birth, home addresses, phone numbers and email addresses.

The incident is linked to a breach reported in April. Have I Been Pwned, a service that tracks breaches and provides notifications to victims, said newly registered data confirmed 7-Eleven was hit by an attack combining hacking and a monetary demand. The service put the number of affected people at about 185,000.

ShinyHunters was named as being behind the attack. The group claimed responsibility and said it would release the data unless its demand for money was met. The incident was assessed as a typical leak-and-extortion attack that uses stolen information as leverage.

Some details about the intrusion route were also confirmed. In a filing submitted to the Maine Attorney General’s Office, Jim Kastle (짐 캐슬), 7-Eleven’s chief information security officer, said hackers accessed an internal server where franchise-related documents were stored. With signs that the attackers first breached the internal document storage area rather than a customer service system, weaknesses in corporate internal data management are expected to come under scrutiny.

The scope of the leak expanded further based on state filings. A separate document submitted to the Massachusetts Attorney General’s Office stated that Social Security numbers and driver’s license information were also included. The document raised the possibility that sensitive information used to verify identity may have been exposed beyond basic contact details.

The incident is heightening concerns about secondary damage beyond a simple personal data leak. That is because names, dates of birth, addresses, phone numbers and email addresses were leaked together, and some victims’ information also included identification numbers used for authentication. With attackers mentioning releasing the data, whether the scope widens and the possibility of additional harm remain key variables.

7-Eleven said the breach occurred on an internal server where franchise-related documents were stored. It remains to be clarified in future notices whether those affected are limited to people involved in franchise operations or include broader customer data. What has been confirmed so far is that about 185,000 people’s personal information was leaked in the hack and that some documents included sensitive identity information.