Gulshan Management Services Hit by Data Breach Affecting Hundreds of Thousands

Texas-based gas station operator Gulshan Management Services disclosed that a data breach it suffered earlier last year compromised the personal information of over 375,000 individuals.

 

Headquartered in Sugar Land, Texas, Gulshan Management Services is a private company that operates gas stations and convenience stores. It manages nearly 150 retail fuel and convenience locations, including stores branded as Handi Plus and Handi Stop, and is affiliated with major fuel brands such as Shell and ExxonMobil.

 

In a data security incident notice filed with the Office of Maine Attorney General, GMS said that on September 27, it identified unauthorised activity within its internal network. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“Subsequent investigation determined this unauthorised access came from a successful phishing attack on September 17, 2025. The third party was able to access servers that hosted personal data and deploy malicious software that encrypted portions of GMS’s network. Working with third-party investigators and cybersecurity experts, GMS took immediate efforts to contain and remediate the incident, and to expel the third party from GMS’s systems. GMS was able to bring its systems back online using known-safe backups,” the company said.

 

The compromised data included names, contact information, Social Security numbers, and drivers’ license numbers. The filing with the Maine state regulator’s office also states that GMS have identified at least 377,082 individuals affected by the incident.

 

“In response to this incident, GMS promptly implemented measures to secure its affected systems and prevent similar occurrences in the future. For instance, GMS reset all access credentials to affected networks and systems, completely rebuilt its compromised systems, installed additional threat-monitoring software, and introduced more stringent access requirements for privileged accounts. GMS has also notified law enforcement and regulatory authorities in relevant jurisdictions,” the company added.

 

GMS has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. 

 

It has also offered one year of complimentary identity protection and credit monitoring services through Kroll to all affected individuals.

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on GMS. The company also did not share details on who was behind the attack, how much data was compromised, or whether it had received a ransom demand.