Global Shop Solutions' ANKA Platform Data Breach Affects 537,877 Users

GSPlatformCo Inc, the company behind the ANKA e-commerce platform and its parent company, Global Shop Solutions, recently experienced a major data breach that has affected 537,877 individuals in the United States, including 1,295 residents of Massachusetts, 798 residents of Washington, 102 residents of Maine, and 68 residents of New Hampshire.

The breach was discovered on Nov. 22, 2025, and involved unauthorized access to a non-core customer data system. The compromised data set was a snapshot from April 2025, meaning the information was approximately seven months old at the time of the incident.

The exposed information included personally identifiable information (PII) such as names, contact information (including email addresses), demographic data, account status, and basic transaction history. Notably, no financial data, login credentials, authentication tokens, or protected health information (PHI) were involved in this breach.

The incident did not affect ANKA’s core database, and the company has emphasized that passwords, payment card data, and sensitive files were not compromised.

The breach was reported to the attorneys general offices of Maine, New Hampshire, and Washington, and the Massachusetts OCABR on Jan. 12, 2026. The California Attorney General was notified on Jan. 14, 2026, and the Vermont Attorney General on Jan. 16, 2016.

Affected individuals were notified electronically on Jan. 16, 2026.

The company has not publicly attributed the breach to a specific threat actor or hacking group. However, it is unclear whether this disclosure is related to the ransomware attack Global Shop Solutions fell victim to in October 2025. At that time, the PLAY ransomware group claimed credit for a hack that exfiltrated "[p]rivate and personal confidential data, client documents, budget, payroll, accounting, taxes, IDs, finance information, and more."

ANKA's response

Upon discovering the breach, ANKA launched a security investigation and took steps to harden its environment against further unauthorized access. The company confirmed that the compromised data was limited to an older snapshot and that its current systems are secure.

Regulatory authorities, including those responsible for data protection, were notified as required by law.

ANKA has provided guidance to affected users, recommending vigilance against phishing attempts and spam, especially given that names and email addresses were part of the exposed data.

The company reminds users that ANKA will never request passwords, payment card details, or verification codes via email, text, or chat. Users are encouraged to use strong, unique passwords for their ANKA accounts and to treat unexpected messages with caution.

For further support or questions, the ANKA Security Team can be reached at security@anka.africa.