Cyber Incident Victim: US House of Representatives
Date: Aug 2025
Location: United States of America
Summary
A ransomware attack compromised Gulshan Management Services, impacting over 377,000 individuals through unauthorized IT system access. Attackers infiltrated via phishing, remaining undetected for ten days, exfiltrating sensitive personal data including Social Security and driver's license numbers before deploying ransomware. The company restored operations using backups, though stolen information poses ongoing identity theft risks, with no responsible group yet identified.
Description
In late September 2026, Gulshan Management Services, Inc., a company linked to approximately 150 Handi Plus and Handi Stop gas stations and convenience stores across Texas, detected unauthorized access to its IT systems. Investigators determined the intrusion began with a phishing attack that allowed cybercriminals to infiltrate the network approximately ten days prior to detection. During this undetected period, attackers moved through internal systems, exfiltrating sensitive personal data including names, contact information, Social Security numbers, and driver's license numbers belonging to 377,000+ individuals. Following data theft, the attackers deployed ransomware that encrypted files across Gulshan's systems. The breach remained publicly unclaimed by any known ransomware group, and the company filed a disclosure with the Maine Attorney General's Office detailing the scope of impacted individuals.

Gulshan restored its operational systems from known-safe backups, a recovery method that typically indicates system reconstruction rather than ransom negotiation. The company did not disclose whether it communicated with the attackers during or after the incident. Despite system restoration, the theft of highly sensitive personal information created long-term risks for affected individuals, including potential identity theft, financial fraud, and account takeovers. The combination of compromised Social Security numbers and driver's license details gives criminals enough information to impersonate victims across multiple domains. No evidence indicated public posting of stolen data at the time of reporting, though such information often surfaces months or years after an initial breach. The incident highlighted weaknesses in retail and service sector cybersecurity defenses, particularly phishing susceptibility among frontline employees and dependence on legacy systems.
