Mopas and 7-Eleven Data Breaches Expose Retail Cyber Risks
27.05.2026

The retail sector remains one of the most vulnerable targets for cyberattacks. A large number of employees, a distributed structure, suppliers, franchisees, customer services, and internal systems create a broad attack surface. Two recent incidents, involving the Turkish supermarket chain Mopas and the international company 7-Eleven, confirm that employee, contractor, and franchisee data may be at risk, not only customer information.

Mopas: ransomware, unauthorized access and privilege abuse

The supermarket chain Mopaş Marketcilik notified the Turkish regulator KVKK of an incident that occurred between May 13 and May 16, 2026. The data breach was detected on May 15. According to KVKK, the comprehensive attack involved ransomware, followed by unauthorized access and abuse of privileges.

The data breach affected the company’s employees, customers, potential customers, as well as representatives and employees of suppliers.

What data was affected?

  • Compromised data of contractor representatives: identity information (name, surname, Turkish ID number) and contact information (telephone, e-mail, address).
  • Compromised data of company employees: job description, length of service, salary and personal data*.
  • Compromised data of customers and potential customers: order data and customer support data.

* According to the company, special categories of employees’ personal data, such as health information and criminal conviction data, were not stored in digital systems and were not affected by the incident.

The exact number of affected individuals has not yet been established: access to the systems was technically restricted, and the investigation is ongoing.

7-Eleven: franchise data exposed across a global retail chain

The 7-Eleven store chain officially confirmed a data breach. The extortion group ShinyHunters, which has previously been linked to major breaches involving companies such as Google and Zara, claimed responsibility for the incident. According to the group’s statement, they gained access to more than 600,000 Salesforce records containing PII and internal corporate data.

According to 7-Eleven, there is no evidence that customer data was affected. The breach involved systems used to store franchisee documents and exposed personal information of current, former, and prospective franchisees.

The incident affected data provided during the franchise application process, including franchisee names, addresses, and “other data elements,” which potentially varied by individual and may have included Social Security Numbers. The compromised franchise filing system may also have exposed contracts, financial records, and legal documents.

7-Eleven confirmed the breach itself but has not publicly disclosed the attack vector, the exact total number of affected individuals, or the ransom amount.


Along with hacker attacks, internal threats pose an equally significant data breach risk to retail. Employee errors, abuse of access privileges, intentional and accidental leaks of valuable information, unauthorized data copying, and violations of regulations within a distributed network of offline stores, offices, and franchise units all put valuable confidential data at risk.

To reduce data risks, retailers need to effectively counter insider business risks and gain visibility into what is happening inside the company: monitoring employee activity, preventing data leaks, and obtaining comprehensive reporting on incidents.

Learn how SearchInform Risk Monitor helps retail companies protect data, mitigate risks, and manage information security across all levels.

