Technology

Ransomware attack exposes Social Security numbers at major gas station chain

Published

1 month ago

January 23, 2026

Ransomware attack exposes Social Security numbers at major gas station chain

NEWYou can now listen to Fox News articles!

Cybercriminals are happy to target almost any industry where data can be stolen. In many cases, less prepared and less security-focused companies are simply easier targets.

A recent ransomware attack on a company tied to dozens of gas stations across Texas shows exactly how this plays out. The incident exposed highly sensitive personal data, including Social Security numbers and driver’s license details, belonging to hundreds of thousands of people.

The breach went undetected for days, giving attackers ample time to move through internal systems and steal sensitive data. If you’ve ever paid at the pump or shopped inside one of these convenience stores, this is the kind of incident that should make you stop and pay attention.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

What happened in the Gulshan ransomware attack

According to a disclosure filed with the Maine Attorney General’s Office, Gulshan Management Services, Inc. reported a cybersecurity incident that impacted more than 377,000 individuals. Gulshan is linked to Gulshan Enterprises, which operates around 150 Handi Plus and Handi Stop gas stations and convenience stores across Texas.

WINDOWS 10 USERS FACE RANSOMWARE NIGHTMARE AS MICROSOFT SUPPORT ENDS IN 2025 WORLDWIDE

The company says it detected unauthorized access to its IT systems in late September. Investigators later determined that attackers had been inside the network for roughly ten days before anyone noticed. The intrusion began with a phishing attack, a reminder of how a single deceptive email can still open the door to massive breaches.

Ransomware attacks don’t just hit tech companies. Retailers like gas stations store sensitive customer and employee data that criminals actively target. (Kurt “CyberGuy” Knutsson)

During that window, the attackers accessed and stole personal data, then deployed ransomware that encrypted files across Gulshan’s systems. The compromised information includes names, contact details, Social Security numbers and driver’s license numbers. That combination is especially dangerous, since it can be used for identity theft, account takeovers and fraud that may surface months or even years later.

Why the lack of a ransomware claim still matters

So far, no known ransomware group has publicly taken credit for the attack. That might sound like good news, but it does not necessarily change the risk for affected individuals. In many ransomware cases, silence can mean one of two things. Either the attackers have not yet posted stolen data publicly, or the victim company may have resolved the incident privately.

Gulshan’s filing states that it restored its systems using known-safe backups. That detail often suggests a company chose to rebuild rather than negotiate with attackers. Even so, once data has been copied out of a network, there is no way to pull it back. Whether or not the stolen information ever appears online, the exposure alone puts affected people at long-term risk.

This incident also highlights a recurring pattern. Retail and service businesses handle huge volumes of personal data but often rely on legacy systems and frontline employees who are prime phishing targets. Gas stations may not feel like obvious hacking targets, but their payment systems, loyalty programs and HR databases make them valuable all the same.

We reached out to Gulshan Management Services for comment regarding the breach, but did not receive a response before our deadline.

A customer pumps gas at a gas station on Feb. 13, 2025, in Austin, Texas. (Brandon Bell/Getty Images)

10 steps you can take to protect yourself after a breach like this

If your information was exposed in this breach or any similar ransomware incident, there are concrete steps you can take to reduce the fallout.

1) Monitor your credit and identity closely

If the company offers free credit monitoring or identity protection, enroll in it. These services can alert you early if someone tries to open accounts or misuse your identity. If nothing is offered, consider signing up for a reputable identity theft protection service on your own.

Identity Theft companies can monitor personal information like your Social Security Number (SSN), phone number, and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

2) Consider a personal data removal service

The less of your information that’s floating around data broker sites, the harder it is for criminals to target you. Data removal services can help reduce your digital footprint over time.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Even when no ransomware group claims responsibility, stolen data can still fuel identity theft, fraud, and account takeovers long after a breach occurs. (Kurt “CyberGuy” Knutsson)

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

3) Use a password manager

A password manager helps you create and store unique passwords for every account. If attackers try to reuse stolen data to break into your online accounts, strong, unique passwords can stop that attempt cold.

Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

FIBER BROADBAND GIANT INVESTIGATES BREACH AFFECTING 1M USERS

Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

4) Turn on two-factor authentication (2FA) everywhere possible

2FA adds an extra barrier, even if someone has your personal details. Prioritize email, banking, cloud storage, and shopping accounts, since those are often targeted first.

5) Install and keep a strong antivirus software running

Strong antivirus software can help detect phishing attempts, malicious downloads, and suspicious activity before it turns into a full compromise. Keep real-time protection enabled and don’t ignore warnings.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

6) Watch for phishing and follow-up scams

After breaches like this, scammers often send fake emails or texts pretending to be the affected company or a credit monitoring service. Slow down, verify messages independently, and never click links you weren’t expecting.

7) Review your credit reports regularly

Check your reports from all major credit bureaus for unfamiliar accounts or inquiries. You’re entitled to free reports, and catching issues early makes them much easier to fix.

8) Freeze your credit to stop new accounts from being opened

If criminals expose your Social Security number, place a credit freeze as soon as possible. A credit freeze blocks lenders from opening new accounts in your name, even when thieves have your personal details. The credit bureaus offer freezes for free, and you can temporarily lift one when you apply for credit yourself. This step stops identity theft before it starts, instead of alerting you after the damage is done. If you prefer not to freeze your credit, place a fraud alert instead. A fraud alert tells lenders to verify your identity before approving credit, which adds another layer of protection.

To learn more about how to do this, go to Cyberguy.com and search “How to freeze your credit.”

In the Gulshan attack, hackers spent days inside internal systems, stealing personal data before deploying ransomware that locked down files. (Silas Stein/picture alliance via Getty Images)

9) Protect yourself from tax refund fraud with an IRS Identity Protection PIN

When Social Security numbers are stolen, tax fraud often follows. Criminals can file fake tax returns in your name to steal refunds before you ever submit your paperwork. An IRS Identity Protection PIN (IP PIN) helps prevent this by ensuring only you can file a tax return using your SSN. It’s a simple but powerful safeguard that can block a common form of identity theft tied to data breaches.

10) Lock down existing bank and financial accounts

Don’t just watch for new fraud, proactively secure the accounts you already have. Enable alerts on bank and credit card accounts for large transactions, new payees, or changes to contact information. If your SSN or driver’s license number was exposed, consider calling your bank to ask about additional protections or account notes. Acting early can prevent small issues from becoming major financial problems.

Kurt’s key takeaway

Your personal data doesn’t just live with banks and hospitals. Retailers, gas stations, and convenience store operators also hold information that can cause real harm if it falls into the wrong hands. When attackers get in through something as simple as a phishing email and stay undetected for days, the damage can spread fast. You can’t prevent these breaches yourself, but you can limit how much power stolen data gives criminals by locking down your accounts and staying alert.

Do you think everyday businesses like gas stations take cybersecurity seriously enough? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Related Topics:cybercrime email Featured Hackers Privacy

Click to comment

Technology

Will Trump’s DOJ actually take on Ticketmaster?

Published

12 hours ago

February 23, 2026

Press Room

Will Trump’s DOJ actually take on Ticketmaster?

In mid-February, the Department of Justice lost its head antitrust enforcer — just weeks before it was scheduled to argue one of the year’s biggest anti-monopoly cases in court.

Antitrust Division chief Gail Slater announced her departure suddenly, via a post on her personal X account. But to those who follow the agency closely, it was far from surprising. For months, leaks about the division described tensions between Slater and her team with DOJ leadership, and President Donald Trump’s penchant for personal dealmaking raised questions about who would really call the antitrust shots.

Over the summer, two of Slater’s top deputies were fired for what the DOJ said was “insubordination.” One of them later described pushing back against a wireless networking deal between Hewlett Packard Enterprise (HPE) and Juniper Networks, peddled by “MAGA-In-Name-Only” lobbyists and DOJ officials. The week before Slater announced her departure, a third deputy also left the agency.

The timing drew extra scrutiny because Mike Davis, one of the lobbyists close to Trump who worked on the HPE-Juniper deal, is also reportedly working for Live Nation. Live Nation did not provide a comment on the reported connection. “What was happening implicitly before is now explicit,” one former DOJ official, speaking on background to discuss personnel matters, says of Slater’s sudden departure. “A lot of very powerful corporations have figured out that they can just push through fantasy deals and fantasy outcomes in ways that were impossible before, and all they have to do is pay.” After Slater posted about her departure, Attorney General Pam Bondi thanked her in a statement “for her service to the Antitrust Division which works to protect consumers, promote affordability, and expand economic opportunity.”

”A lot of very powerful corporations have figured out that they can just push through fantasy deals”

The DOJ and a group of what’s grown to 40 state attorneys general sued Live Nation-Ticketmaster in May 2024, seeking to break up the company they allege used anticompetitive practices to lock artists and venues into its orbit. By allegedly tying together different parts of its business, using exclusionary contracts, and threatening “financial retaliation” to keep new players out of the market, the company succeeded in driving up ticket prices for consumers, they argue. Live Nation said in a blog post at the time that the lawsuit “ignores everything that is actually responsible for higher ticket prices.”

With jury selection in the case slated to begin on March 2nd, many are left wondering if the DOJ will remain on the case. Should the agency settle and choose to no longer be involved in the trial, at least some of the 40 states who joined the DOJ in the initial lawsuit could — and likely would — continue to push ahead with the litigation. “We look forward to going to trial on March 2 against Live Nation,” California’s top antitrust enforcer, Paula Blizzard, said at an event the day of Slater’s announcement. Tennessee Attorney General Jonathan Skrmetti also plans to move forward with the states’ lawsuit, Capitol Forum reported.

The DOJ very well may remain a lead plaintiff. Omeed Assefi, who is taking over Slater’s role in the interim, pledged to continue her agenda, MLex reported. As of February 17th, he has said the case is strong and favors trial, according to Capitol Forum. Global Competition Review also reported last week that Assefi encouraged staff to look to his work on criminal antitrust enforcement as a guide to how he’ll lead the division. “Ask them how I feel about settling cases in lieu of trial,” he reportedly said. “Ask them how I feel about accepting half measures and mere monetary penalties in lieu of seeking justice.”

But Slater, too, was known as a serious enforcer of antitrust law — and reports suggest her agenda was overruled.

“The states are no stranger to real politik”

In general, states are always prepared for changes in their trial partners, says Gwendolyn Lindsay Cooley, former Wisconsin antitrust chief and chair of the National Association of Attorneys General Multistate Antitrust Task Force. (Cooley agreed to speak generally about the role of state enforcement and not about the Live Nation case in particular, which Wisconsin was part of during her time there.) “The states are no stranger to real politik,” Cooley says. State enforcers understand that priorities and personnel can change with administrations, either in state offices or at the DOJ. This can require changes, like reassigning the most seasoned lawyers to fill gaps left by federal attorneys. But Cooley says there are plenty of experienced litigators in the states. “My understanding from talking with states generally is that this is something they were prepared for, and so should be able to take this in stride,” Cooley says.

The T-Mobile-Sprint merger litigation may serve as a guide. After Trump’s DOJ approved the merger, some states settled their cases, but others continued a fight to block the merger. In the end, however, they failed — a court let the merger close anyway.

States could be more aggressive in pursuing the Live Nation-Ticketmaster trial. The company has been widely criticized by musicians and concertgoers alike, including after infamously bungling a Taylor Swift ticket presale in 2022. In an interview with Bloomberg, attorneys general for California and Connecticut said they’d maintain a high bar for settling. “Any resolution that is politically motivated or impacted, or any settlement that comes from trying to placate the president or meet his demands is not likely to fly with Connecticut or California either,” Connecticut AG William Tong said.

In fact, citizen complaints about Ticketmaster are among the top 10 things state AGs commonly hear about, according to Cooley. “That’s something that the state AGs are going to be really paying attention to.”

Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.

Lauren Feiner

Technology

Spyware can hijack your phone in seconds

Published

12 hours ago

February 23, 2026

Press Room

Spyware can hijack your phone in seconds

NEWYou can now listen to Fox News articles!

You already know malware is out there. You hear about phishing emails, fake apps and data breaches almost every week. But every so often, something comes along that feels more personal. ZeroDayRAT spyware is one of those threats.

If your device gets infected, attackers can see almost everything happening on your phone. That includes your messages, notifications, location and even live camera feeds. Let that sink in for a second.

This is not some clunky virus from years ago. Security researchers at iVerify, a mobile security and digital forensics company, describe it as a complete mobile compromise toolkit. And it works on both iPhone and Android devices.

ZeroDayRAT spyware can secretly access messages, camera feeds and banking apps on infected iPhone and Android devices. (Stefan Sauer/picture alliance via Getty Images)

What makes ZeroDayRAT spyware so dangerous?

Many types of malware focus on one goal. Some steal passwords. Others spy on text messages. ZeroDayRAT spyware goes much further.

Once installed, the infected device starts transmitting data back to a central dashboard controlled by the attacker. From there, they get:

A full stream of incoming notifications
A searchable inbox of text messages
Device model and operating system details
Battery level and lock status
Network activity and app usage

In other words, they can build a detailed profile of your daily life. Reports say the dashboard even shows a live activity timeline. That timeline reveals who you talk to most, which apps you use and when you are most active online. For anyone who values privacy, that is chilling.

It can watch and listen in real time

Here is where things get even more disturbing.

ZeroDayRAT spyware includes keylogging and live surveillance tools. That means attackers can:

Capture every keystroke with context
See which app you opened
Track how long you spent inside it
Record gestures and inputs
Access your microphone
Activate your front or rear camera
View your screen in real time

Imagine someone watching your screen as you log into your bank account. Or listening while you have a private conversation. This is not a hypothetical capability. According to reporting, those features are built directly into the platform.

Your banking and crypto apps are targets too

Many people assume mobile malware only steals passwords. ZeroDayRAT spyware goes after money directly. It reportedly includes tools designed to target digital payment and banking apps such as Apple Pay and PayPal. It can also intercept banking notifications and use clipboard injection to redirect cryptocurrency transfers to the attacker’s wallet.

Even without full remote control of your phone, that level of access is enough to drain accounts and steal digital assets. And here is another troubling detail. Reports indicate the platform is openly sold on Telegram, which lowers the barrier for would-be cybercriminals. You do not need advanced hacking skills to use it. That combination of power and accessibility makes this threat especially concerning.

Why Apple and Google are tightening app rules

There is a reason Apple strongly discourages installing apps outside the App Store. Google is also exploring changes to how sideloading works on Android. When apps bypass official stores, security screening becomes weaker. That opens the door for spyware like ZeroDayRAT to sneak in. While no system is perfect, sticking to trusted app marketplaces dramatically lowers your risk.

How to tell if ZeroDayRAT spyware is on your phone

Advanced spyware is designed to stay hidden. You may not see a flashing warning that something is wrong. Still, your phone often gives subtle clues when something is off. Watch for these warning signs.

Unusual battery drain

Spyware that streams data, records audio or tracks location runs constantly in the background. If your battery suddenly drains much faster than normal, especially after no major app changes, that can be a red flag.

Phone overheating without heavy use

If your device feels hot even when you are not gaming or streaming video, background surveillance activity could be consuming resources.

Strange data usage spikes

Check your mobile data usage in settings. A sudden jump may indicate that your phone is transmitting large amounts of information to an external server.

Unknown apps or configuration changes

Look for apps you do not remember installing. On iPhone, check for unknown configuration profiles under Settings. On Android, review installed apps and device administrator permissions.

Unexpected login alerts

If you receive password reset emails or login alerts you did not trigger, assume your credentials may be compromised.

Microphone or camera indicators are activating randomly

Both iPhone and Android show visual indicators when the camera or microphone is in use. If those indicators appear when you are not actively using them, investigate immediately.

If you suspect spyware, do not ignore it. Back up essential data, perform a factory reset and restore only trusted apps. In severe cases, consult a mobile security professional.

149 MILLION PASSWORDS EXPOSED IN MASSIVE CREDENTIAL LEAK

Security researchers warn ZeroDayRAT functions as a full mobile surveillance toolkit sold openly online. (Photographer: Angel Garcia/Bloomberg via Getty Images)

How to remove ZeroDayRAT spyware from your phone

If you believe your phone may be infected, act quickly. Do not keep using it normally while you figure things out. Follow these steps.

1) Disconnect immediately

Turn off Wi-Fi and cellular data. This stops the spyware from sending more data to the attacker while you take action.

2) Change your passwords from a different device

Do not use the potentially infected phone to change passwords. Use a trusted computer or another secure device. Update passwords for email, banking, social media and payment apps first. Enable two-factor authentication (2FA) on every account. Consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse. Check out the best expert-reviewed password managers of 2026 at Cyberguy.com

3) Run a trusted mobile security scan

Install and run strong antivirus software on your phone. Let it scan your device for malicious apps, suspicious configuration profiles or hidden spyware components. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

4) Remove suspicious apps and profiles

On iPhone, check Settings > General > VPN & Device Management for unknown configuration profiles. Delete anything you do not recognize. On Android, review installed apps and remove anything unfamiliar. Also, check device administrator settings and revoke access from unknown apps.

5) Back up essential data carefully

If you plan to reset your phone, back up only photos, contacts and critical files. Avoid restoring full system backups that could reintroduce malicious software.

6) Perform a factory reset

A full factory reset on your iPhone or Android is often the most effective way to remove advanced spyware. This wipes the device and removes hidden malware components. After the reset, reinstall apps manually from the official app store instead of restoring everything automatically. Before performing a factory reset, back up important photos, contacts and files, as this process permanently deletes everything stored on the device.

7) Monitor your financial accounts

Because ZeroDayRAT targets banking and crypto apps, watch your accounts closely for unusual transactions. Contact your bank immediately if you see suspicious activity.

When to replace the device

In rare cases, if the phone was deeply compromised or jailbroken, replacing the device may be the safest option. While that sounds extreme, protecting your identity and finances is worth more than the cost of a new phone.

Ways to stay safe from ZeroDayRAT spyware

The good news is that you still have control over your digital safety. Start with these practical steps to reduce your risk of infection and limit the damage if spyware ever targets your phone.

1) Avoid sideloading apps

Only install apps from the App Store or Google Play Store. Official stores screen apps for malicious code and remove threats when discovered. Do not download apps from links in emails or text messages. If an app asks you to install it from outside the store, treat that as a red flag.

2) Think before you tap and use strong antivirus protection

Do not click links from unknown senders. Even one tap can trigger a malicious download or redirect you to a fake login page. Install strong antivirus software on your mobile device. Good mobile security apps scan for spyware, block malicious websites and warn you about suspicious behavior in real time. Some also alert you if your personal information appears in known data breaches, which adds another layer of protection. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

3) Keep your phone updated

Install operating system updates as soon as they become available. Security updates patch vulnerabilities that spyware platforms like ZeroDayRAT try to exploit. Turning on automatic updates helps ensure you do not miss critical fixes.

4) Review app permissions regularly

Check which apps have access to your camera, microphone and location. Remove permissions that do not make sense. If a simple game wants constant microphone access, that should raise questions. Limiting permissions reduces what spyware can capture.

5) Use strong authentication

Turn on two-factor authentication (2FA) for banking, email and social media accounts. Even if spyware captures a password, that second verification step can stop attackers from logging in. Use a reputable password manager to create strong, unique passwords for every account.

6) Use a data removal service to reduce your exposure

Spyware operators often profile targets using personal data that is already available online. Data broker websites collect your phone number, address, relatives and more. A reputable data removal service can help remove your personal details from many of these sites. The less information criminals can gather about you, the harder it becomes to target you with convincing phishing attacks or social engineering. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com. Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

7) Do not bypass your phone’s built-in security protections

Some people modify their phones to remove manufacturer restrictions so they can install unofficial apps or customize the system. On an iPhone, this is called jailbreaking. On Android, it is known as rooting. While that may sound harmless, it removes important security safeguards that are designed to block spyware and malicious software. Once those protections are gone, threats like ZeroDayRAT have a much easier time installing and hiding on your device. Keeping your phone in its original security state adds a powerful layer of protection that most people never see but benefit from every day.

YOUR PHONE SHARES DATA AT NIGHT: HERE’S HOW TO STOP IT

Experts say the spyware can activate a phone’s microphone and camera without a user’s knowledge. (Karl-Josef Hildenbrand/picture alliance via Getty Images)

Kurt’s key takeaways

ZeroDayRAT spyware feels unsettling because it attacks something we rely on every day. Your phone holds your conversations, photos, financial apps and personal routines. When a single piece of malware can see your screen, hear your voice and track your location, the stakes get higher. The silver lining is this. Most infections still depend on user action. A bad link was clicked. A suspicious app was installed. A warning ignored. Staying cautious may not sound exciting, but it remains one of the strongest defenses you have.

Now here is the question worth asking. If spyware can already access your camera, messages and money in one package, are tech companies and app stores doing enough to protect you? Let us know your thoughts by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Technology

Nothing couldn’t wait to show off the Phone 4A

Published

24 hours ago

February 23, 2026

Press Room

Nothing couldn’t wait to show off the Phone 4A

After teasing the upcoming launch of its midrange Phone 4A last week, Nothing has now revealed what the rear of the device looks like. An official render of the Phone 4A shared on X shows off the brand’s familiar transparent-industrial stylings, alongside a new “Glyph Bar” lighting feature located to the right of the triple camera island.

This Glyph Bar features nine individually controllable mini-LEDs that appear as a line of seven square lights — six white, and one red — replacing the three LED light strips that surround the camera on Nothing’s 3A devices. Nothing says that the Glyph Bar is 40 percent brighter than the previous A-series’ lights and uses patented tech to provide “a more natural, neutral, bleed-free glow.”

Nothing hasn’t shared much else about the Phone 4A series besides confirming it’ll be running a Snapdragon chip. Full specifications, price, and availability might not be announced until it launches on March 5th. Nothing CEO Carl Pei has confirmed that there won’t be a Phone 4 this year, however, so last year’s Phone 3 will remain the current flagship for now.