Cyber Incident Victim: Gulshan Management Services, Inc.
Date: Aug 2025
Location: United States of America
Summary
A ransomware attack compromised Gulshan Management Services, Inc., linked to gas stations and convenience stores. Attackers gained initial access via phishing and remained undetected within the company's IT systems for approximately ten days. During this period, they stole sensitive personal information including names, contact details, Social Security numbers, and driver's license numbers belonging to over 377,000 individuals before deploying ransomware that encrypted files. The company restored systems using backups.
Description
The ransomware attack against Gulshan Management Services, Inc., which is linked to Gulshan Enterprises, the operator of approximately 150 Handi Plus and Handi Stop gas stations and convenience stores across Texas, began with an initial intrusion via a phishing attack. Unauthorized actors gained access to Gulshan's IT systems in late September 2025. Once inside, the attackers remained undetected within the network for approximately ten days. During this extended period of undetected access, the attackers moved through internal systems, locating and stealing sensitive personal data belonging to individuals associated with the company. Following the data theft, the attackers deployed ransomware, which encrypted files across Gulshan's systems and disrupted operations.

Gulshan Management Services detected the unauthorized access to its IT systems in late September 2025. Subsequent investigation determined the attackers had been present for about ten days prior to detection. The compromised personal data included names, contact details, Social Security numbers, and driver's license numbers. Gulshan reported the incident to the Maine Attorney General's Office, disclosing that the breach impacted more than 377,000 individuals. The company restored its affected systems using known-safe backups. No ransomware group publicly claimed responsibility for the attack. The theft of Social Security numbers combined with driver's license details creates a significant risk of identity theft, account takeovers, and fraud for the affected individuals, with potential consequences that could surface months or years later.
