
Cyber Incident Victim: Gulshan Management Services, Inc.

Date:

Sep 2025

Location:

United States of America

Summary

Gulshan Management Services, Inc., which operates roughly 150 Handi Plus and Handi Stop gas stations and convenience stores in Texas, detected unauthorized access to its IT systems after a successful phishing attack, leading to a ransomware deployment that encrypted files and exposed personal data of about 377,000 individuals, including names, Social Security numbers, contact details, and driver’s license numbers. The company restored operations using known‑safe backups and did not pay a ransom, while no ransomware group has claimed responsibility; the delayed notification has prompted a class‑action lawsuit alleging violations of state and federal data‑breach laws.


Description

In late September 2025, Gulshan Management Services, Inc. detected unauthorized access to its IT systems. The intrusion began with a successful phishing attack that allowed the threat actor to gain entry to the network. The attacker remained undetected for approximately ten days before being identified. During this period, the threat actor exfiltrated personal data and deployed ransomware that encrypted portions of the company's IT estate.


Gulshan reported that the breach exposed 377,082 sets of customer information. The compromised data included names, Social Security numbers, contact details, and driver’s license numbers. The affected individuals were customers of the Handi Plus and Handi Stop gas station brands, which Gulshan operates across roughly 150 locations in Texas. No ransomware group has publicly claimed responsibility for the attack.

Following detection, Gulshan restored its systems using known-safe backups, indicating a decision to rebuild rather than pay a ransom. The company has notified impacted customers of the breach and is providing them with a year of identity monitoring services. A law firm, Schubert Jonckheer and Kolbe, stated that Gulshan likely violated state and federal notification laws by delaying disclosure, and is preparing a class action lawsuit on behalf of impacted individuals.
