Gulshan Management Services reports phishing attack exposing data of 377,000 customers
Learn More
Gulshan Management Services (GMS), a Texas-based firm that manages 150 Handi Plus and Handi Stop convenience stores, reports a data breach exposing the data of hundreds of thousands
The incident started on September 17, 2025, when an employee fell for a phishing attack, giving the attackers a path into the network. The company did not detect the intruders until September 27, 2025, ten days after the initial entry.
The attackers were able to access servers that hosted personal data and deploy malicious software that encrypted portions of GMS’s network.
The breach exposed sensitive files for 377,082 people. The exposed data includes:
- Full names
- Contact information
- Social Security numbers
- Driver's license numbers
Gulshan Management Services reported the incident and started notifying affected individuals on January 5, 2026. The company is offering free identity monitoring services including credit monitoring, fraud consultation, and identity theft restoration.
This four-month delay has led to law firms investigating the company for failing to protect data and for the delayed notification.
