Technology
Ransomware attack exposes Social Security numbers at major gas station chain
NEWYou can now listen to Fox News articles!
Cybercriminals are happy to target almost any industry where data can be stolen. In many cases, less prepared and less security-focused companies are simply easier targets.
A recent ransomware attack on a company tied to dozens of gas stations across Texas shows exactly how this plays out. The incident exposed highly sensitive personal data, including Social Security numbers and driver’s license details, belonging to hundreds of thousands of people.
The breach went undetected for days, giving attackers ample time to move through internal systems and steal sensitive data. If you’ve ever paid at the pump or shopped inside one of these convenience stores, this is the kind of incident that should make you stop and pay attention.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
What happened in the Gulshan ransomware attack
According to a disclosure filed with the Maine Attorney General’s Office, Gulshan Management Services, Inc. reported a cybersecurity incident that impacted more than 377,000 individuals. Gulshan is linked to Gulshan Enterprises, which operates around 150 Handi Plus and Handi Stop gas stations and convenience stores across Texas.
WINDOWS 10 USERS FACE RANSOMWARE NIGHTMARE AS MICROSOFT SUPPORT ENDS IN 2025 WORLDWIDE
The company says it detected unauthorized access to its IT systems in late September. Investigators later determined that attackers had been inside the network for roughly ten days before anyone noticed. The intrusion began with a phishing attack, a reminder of how a single deceptive email can still open the door to massive breaches.
Ransomware attacks don’t just hit tech companies. Retailers like gas stations store sensitive customer and employee data that criminals actively target. (Kurt “CyberGuy” Knutsson)
During that window, the attackers accessed and stole personal data, then deployed ransomware that encrypted files across Gulshan’s systems. The compromised information includes names, contact details, Social Security numbers and driver’s license numbers. That combination is especially dangerous, since it can be used for identity theft, account takeovers and fraud that may surface months or even years later.
Why the lack of a ransomware claim still matters
So far, no known ransomware group has publicly taken credit for the attack. That might sound like good news, but it does not necessarily change the risk for affected individuals. In many ransomware cases, silence can mean one of two things. Either the attackers have not yet posted stolen data publicly, or the victim company may have resolved the incident privately.
Gulshan’s filing states that it restored its systems using known-safe backups. That detail often suggests a company chose to rebuild rather than negotiate with attackers. Even so, once data has been copied out of a network, there is no way to pull it back. Whether or not the stolen information ever appears online, the exposure alone puts affected people at long-term risk.
This incident also highlights a recurring pattern. Retail and service businesses handle huge volumes of personal data but often rely on legacy systems and frontline employees who are prime phishing targets. Gas stations may not feel like obvious hacking targets, but their payment systems, loyalty programs and HR databases make them valuable all the same.
We reached out to Gulshan Management Services for comment regarding the breach, but did not receive a response before our deadline.
A customer pumps gas at a gas station on Feb. 13, 2025, in Austin, Texas. (Brandon Bell/Getty Images)
10 steps you can take to protect yourself after a breach like this
If your information was exposed in this breach or any similar ransomware incident, there are concrete steps you can take to reduce the fallout.
1) Monitor your credit and identity closely
If the company offers free credit monitoring or identity protection, enroll in it. These services can alert you early if someone tries to open accounts or misuse your identity. If nothing is offered, consider signing up for a reputable identity theft protection service on your own.
Identity Theft companies can monitor personal information like your Social Security Number (SSN), phone number, and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.
2) Consider a personal data removal service
The less of your information that’s floating around data broker sites, the harder it is for criminals to target you. Data removal services can help reduce your digital footprint over time.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Even when no ransomware group claims responsibility, stolen data can still fuel identity theft, fraud, and account takeovers long after a breach occurs. (Kurt “CyberGuy” Knutsson)
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
3) Use a password manager
A password manager helps you create and store unique passwords for every account. If attackers try to reuse stolen data to break into your online accounts, strong, unique passwords can stop that attempt cold.
Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
FIBER BROADBAND GIANT INVESTIGATES BREACH AFFECTING 1M USERS
Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.
4) Turn on two-factor authentication (2FA) everywhere possible
2FA adds an extra barrier, even if someone has your personal details. Prioritize email, banking, cloud storage, and shopping accounts, since those are often targeted first.
5) Install and keep a strong antivirus software running
Strong antivirus software can help detect phishing attempts, malicious downloads, and suspicious activity before it turns into a full compromise. Keep real-time protection enabled and don’t ignore warnings.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.
6) Watch for phishing and follow-up scams
After breaches like this, scammers often send fake emails or texts pretending to be the affected company or a credit monitoring service. Slow down, verify messages independently, and never click links you weren’t expecting.
7) Review your credit reports regularly
Check your reports from all major credit bureaus for unfamiliar accounts or inquiries. You’re entitled to free reports, and catching issues early makes them much easier to fix.
8) Freeze your credit to stop new accounts from being opened
If criminals expose your Social Security number, place a credit freeze as soon as possible. A credit freeze blocks lenders from opening new accounts in your name, even when thieves have your personal details. The credit bureaus offer freezes for free, and you can temporarily lift one when you apply for credit yourself. This step stops identity theft before it starts, instead of alerting you after the damage is done. If you prefer not to freeze your credit, place a fraud alert instead. A fraud alert tells lenders to verify your identity before approving credit, which adds another layer of protection.
To learn more about how to do this, go to Cyberguy.com and search “How to freeze your credit.”
In the Gulshan attack, hackers spent days inside internal systems, stealing personal data before deploying ransomware that locked down files. (Silas Stein/picture alliance via Getty Images)
9) Protect yourself from tax refund fraud with an IRS Identity Protection PIN
When Social Security numbers are stolen, tax fraud often follows. Criminals can file fake tax returns in your name to steal refunds before you ever submit your paperwork. An IRS Identity Protection PIN (IP PIN) helps prevent this by ensuring only you can file a tax return using your SSN. It’s a simple but powerful safeguard that can block a common form of identity theft tied to data breaches.
10) Lock down existing bank and financial accounts
Don’t just watch for new fraud, proactively secure the accounts you already have. Enable alerts on bank and credit card accounts for large transactions, new payees, or changes to contact information. If your SSN or driver’s license number was exposed, consider calling your bank to ask about additional protections or account notes. Acting early can prevent small issues from becoming major financial problems.
Kurt’s key takeaway
Your personal data doesn’t just live with banks and hospitals. Retailers, gas stations, and convenience store operators also hold information that can cause real harm if it falls into the wrong hands. When attackers get in through something as simple as a phishing email and stay undetected for days, the damage can spread fast. You can’t prevent these breaches yourself, but you can limit how much power stolen data gives criminals by locking down your accounts and staying alert.
Do you think everyday businesses like gas stations take cybersecurity seriously enough? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
Copyright 2026 CyberGuy.com. All rights reserved.
Valve has some good news and bad news about Steam Controllers. The good news: if you make a reservation for a Steam Controller, the company will now show you one of three estimates of when you’ll be able to actually order your gamepad: by September 2026, by December 2026, or sometime in 2027. The bad news: any reservations made today “indicate a 2027 date for shipping,” Valve says.
“We have no plans to stop making Steam Controller,” according to Valve. “But as we look at the current demand compared to how many we know we can make by the end of the year, we want to manage expectations as much as we can with regards to when folks can expect to receive their order.”
Valve’s very good new Steam Controller went on sale in early May, and the initial rush led some people to run into frustrating problems with trying to check out ahead of the controllers eventually going out of stock. A few days later, the company announced that it would be implementing a reservations queue for interested buyers so they could get on a waitlist. If you’re on the waitlist, when you get notified that a Steam Controller is ready for you to buy, you have 72 hours to actually make the order.
“When we launched Steam Controller last month, we quickly saw that initial demand exceeded our expectations,” Valve says. “Switching to a reservation queue has (hopefully) cut down on the headaches on the customer side, and for us it’s also been helpful as we plan ahead and try to get as many out as quickly as we are able.”
All three of Valve’s big hardware products were delayed from a planned early 2026 launch because of the component crisis, Valve still hasn’t announced when the Steam Machine PC or Steam Frame VR headset might go on sale. However, just yesterday, Valve officially launched its big SteamOS 3.8 update with support for the Steam Machine. It’s also been importing a lot of hardware into the US as of late.
NEWYou can now listen to Fox News articles!
The next time you pull up to a McDonald’s drive-thru, the voice taking your order may not be human. McDonald’s is testing a new AI-powered system called ArchIQ at five U.S. locations. The company has not said where those restaurants are located. The voice assistant, nicknamed Archy, can take drive-thru orders and has shown it can handle both English and Spanish.
For anyone who has repeated “no pickles” into a speaker box more than once, this could sound helpful. However, if you remember McDonald’s last AI drive-thru experiment, you may also wonder whether your burger order could somehow turn into a bag full of surprise McNuggets.
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
WOULD YOU EAT AT A RESTAURANT RUN BY AI?
McDonald’s is testing an AI drive-thru system called ArchIQ at five U.S. restaurants. (Kurt “CyberGuy” Knutsson)
What is McDonald’s AI drive-thru?
ArchIQ is McDonald’s new AI system for restaurants. It can take drive-thru orders and also help with operations behind the scenes.
In a post on X, McFranchisee, an anonymous McDonald’s franchisee account, said the system is currently in five test stores and has processed more than one million transactions. The account also said about 90% of orders were completed without a human stepping in. That number sounds promising. Still, McDonald’s has not confirmed a nationwide launch date. For now, this remains a limited test.
The system also appears to connect with a bigger McDonald’s plan called “McDonald’s > NEXT.” CEO Chris Kempczinski described the strategy as a way to bring in more customers and improve restaurant productivity. The plan also includes menu changes, restaurant redesigns, technology upgrades and more focus on hospitality.
Why McDonald’s is testing AI ordering
Drive-thrus can get chaotic fast. Someone changes an order after the total appears. A child calls out from the back seat. Road noise makes the speaker hard to hear. Then the driver remembers the extra sauce after everything has already gone through. That is the type of pressure McDonald’s wants AI to handle.
If ArchIQ works well, it could help restaurants move cars through the line faster. It may also reduce mistakes during busy hours. Workers could then focus more on preparing food, handling payments and helping customers who need a real person.
ArchIQ also appears to have a management role. In the same X post, McFranchisee described Archy as a tool that could alert managers to bottlenecks or other issues before they slow down operations.
STARBUCKS USES CHATGPT TO SUGGEST DRINKS BASED ON MOOD AS EXPERT WARNS OF HIDDEN DOWNSIDES
The AI assistant, nicknamed Archy, can take drive-thru orders and may also help managers spot restaurant slowdowns. (McFranchisee)
McDonald’s tried AI drive-thru ordering before
This new test follows McDonald’s earlier AI drive-thru experiment with IBM. That program involved more than 100 restaurants. McDonald’s ended the test in 2024 after customers complained about order accuracy. Some mistakes also went viral, creating an embarrassing moment for McDonald’s and raising questions about whether the technology was ready for the drive-thru. Customers reported wrong items, strange quantities and other order mix-ups. That history is why this new test will get extra attention.
This time, McDonald’s is working with Google technology. McFranchisee also claimed every McDonald’s in the U.S. is getting Google Edge Cloud hardware in anticipation of the rollout. McDonald’s seems to believe the newer system can perform better than the last one. The real test will come when regular customers use it during real drive-thru rushes.
How McDonald’s AI drive-thru could help customers
If McDonald’s gets this right, the most obvious benefit is speed. An AI ordering system does not get tired during a long shift. It may also help more customers order in the language they prefer. That could make a busy drive-thru feel less frustrating, especially during breakfast or late-night hours.
The system may also ask clearer follow-up questions and catch missing details before the order reaches the kitchen. That would be a win for customers who want to get in, get their food and get on with the day.
The biggest problem with AI drive-thru orders
The biggest concern is accuracy. AI can still misunderstand people. That gets frustrating fast when you are trying to grab lunch between errands or get your kids fed from the back seat. A wrong order wastes time. It also puts workers in the position of fixing a mistake the machine made.
There is also the customer service side. Some people like hearing a real person at the speaker. Others may find an AI voice cold or annoying, especially if the system gets confused.
Then there is the privacy question. If an AI system takes your order, customers may wonder what gets collected, how long it is kept and who can access it. McDonald’s has not publicly explained those specifics for this current ArchIQ test.
ALEXA+ LETS YOU ORDER FOOD LIKE A REAL CONVERSATION
A drive-thru menu board stands outside a McDonald’s restaurant in Hercules, Calif., on Oct. 23, 2024, amid an E. coli outbreak linked to onions in Quarter Pounder sandwiches that has sickened dozens and killed one person across the U.S. (David Paul Morris/Bloomberg via Getty Images)
How to avoid AI drive-thru mistakes
Before you leave the drive-thru, take a moment to check the order screen. Make sure the items match what you said. Listen when the system repeats your order. Keep your receipt until you confirm the food is right.
Also, avoid sharing extra personal details at the speaker box. Your order should only require your food choices and payment.
If the AI gets confused, ask for a crew member. You do not need to keep going back and forth with a machine over fries.
What this means for you
For now, you probably will not notice a change at your local McDonald’s. The ArchIQ test appears limited to five U.S. restaurants, and the company has not said when it could expand.
Still, this gives customers a preview of where fast food may be heading. AI could soon play a bigger role in how restaurants take orders and manage the kitchen. That may speed up the line, though it could also make the experience feel less personal.
Watch the CyberGuy Live replay: Lock Down Your Phone in 30 Minutes
Your phone holds your email, passwords, photos, banking apps and personal data. In this free CyberGuy Live replay, Kurt the CyberGuy walks you step by step through simple phone security fixes you can do at your own pace. You’ll learn how to improve your privacy settings, spot the latest phone scams, use trusted security tools and walk away with a simple checklist to stay protected. Watch the replay and get our checklist here: CyberGuyLive.com
Kurt’s key takeaways
McDonald’s clearly wants AI to play a bigger role in its restaurants. From a business point of view, the idea makes sense. Shorter drive-thru lines could help franchisees and customers. Better restaurant data could also help managers fix problems faster. But I still want the human backup. Food orders can be messy because people are messy. We change our minds. We talk over each other. We forget the extra ketchup until the last second. AI may handle much of that one day. For now, I would treat it like any busy drive-thru interaction. Speak clearly. Check the order. Do not pull away until you know your food is right.
Would you trust an AI voice to take your McDonald’s order, or do you still want a real person on the other end of the speaker? Let us know by writing to us at Cyberguy.com
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
Midjourney CEO David Holz just showed off the company’s first hardware product and plans to build a San Francisco spa, which he admitted is a bit different from the “cat pictures” produced by its AI image generator. Dubbed The Midjourney Scanner, it’s an ultrasound-based full-body scanner that uses a ring of sensors to capture vertical slices of the inside of your body, looking at the composition of your muscle, fat, bone, and organs to start. Holz said ideally, you could do this once a year or every single day, as it “aims for image quality comparable to MRI in many ways.”
He mentioned that one way he’d like to use it would be to see how his body changes in response to diet and workout changes, saying, “I’m not the most measured man on Earth yet, you know, but maybe I want to have that daily [measurable information].” A set of job listings advertises the company’s goal as trying to “build and launch the world’s first full-body ultrasound CT scanner, ultimately bringing safe, fast, and high fidelity preventative scanning to billions via a magical spa experience.”
The Midjourney Scanner was developed in a partnership with ultrasound tech company Butterfly Network, which said it uses “40 Butterfly Ultrasound-on-Chip imaging modules per system.”
The scanning process starts with stepping onto a platform that drops down into the water on rails through a ring of thousands of transducers that create ultrasonic waves. It then records the ripples passing through your body to analyze them and create detailed 3D images. The scan takes about 60 seconds. Holz said about a dozen people have been scanned so far.
It starts by stepping into a shallow pool of golden light. You then begin to descend into the water. Your body passes through a ring of underwater sensors, each acting like a dolphin, using its echolocation. The sensors send ultrasonic sound waves through your body from every angle. With enough waves, and enough angles, we form an image of what’s happening inside your body.
It combines those sensors with two petaflops of processing power. But after watching the livestreamed reveal, I’m still unclear on what Midjourney’s AI image generation tech exactly has to do with the Midjourney Medical effort, beyond an alternative business for otherwise-unused AI compute.
Holz hopes to put 10 of the scanners into a Midjourney Spa location in San Francisco’s Union Square that will open before the end of 2027 and offered to scan the hands of attendees at its launch event. The Midjourney Spa will have a gym, saunas, and cold plunges to go along with the hot tub–equipped scanning rooms where visitors will get into the water to be scanned.
He did mention that various medical applications would require FDA clearances, but for now, Midjourney Medical says it’s working on “body composition maps” that don’t require the same level of clearance as diagnostic imaging. It also says the “library of scans” users create can be shared with doctors, AI health tools, or others, and that, “We take data privacy seriously — more details on our data policies will come as we get closer to launch.”
Holz suggested that eventually these scans could become better than an MRI, without radiation, powerful magnets, or other complicating factors, to get a look at what’s going on inside people’s bodies “real fast.” In response to a question, he imagined a future where the FDA had a class of devices to look at “weird” things and allowed people to “just try to get as much data as we can.”
-
San Francisco, CA9 minutes agoOakland man faces hate crime charges for Castro District attack
-
Dallas, TX12 minutes agoAt least 4 injured after vehicle drives into Dallas crowd, driver arrested
-
Miami, FL17 minutes agoMiami Central students prepare for life changing trip to Zimbabwe amid funding challenges
-
Boston, MA24 minutes agoGiannis to Boston is a possibility. Should the Knicks be worried?
-
Denver, CO27 minutes agoDenver Public Schools’ decline in enrollment continues to reshape district
-
Seattle, WA32 minutes agoWoo twirls 7 scoreless innings in bounceback outing vs. Orioles
-
San Diego, CA39 minutes agoNASCAR makes history with inaugural Naval Base Coronado race
-
Milwaukee, WI42 minutes agoStolen Oak Creek couple’s car found by viewer dumped near Milwaukee apartment complex
