RCI Hospitality Holdings Data Breach Impacts 40k People

Published
April 13, 2026
Updated
June 22, 2026
RCI Hospitality Holdings Data Breach Impacts 40k People
RCI Hospitality Holdings
Affected by the data breach? You may be entitled to compensation. Submit a claim today.

RCI Hospitality Holdings Inc., a Houston-based company that operates more than 55 upscale adult nightclubs and restaurants across the United States, disclosed a data breach that affected approximately 40,178 individuals nationwide, including 15,553 Texas residents, 257 Maine residents and 201 Massachusetts residents.

RCI Internet Services became aware of a network disruption on March 23, 2026. The company initiated an investigation, which determined that certain files were accessed and acquired without authorization on March 19, 2026.

The investigation concluded on April 7, 2026, and found that a potential insecure direct object reference vulnerability was present on the company's internet information services (IIS) web server.

The company's review of the affected files determined that the types of information exposed included first and last names, Social Security numbers, driver's license numbers, dates of birth, contact information and passport numbers.

The breach was reported to the California Attorney General and to the Vermont Attorney General. The company began notifying consumers on May 28, 2026. According to the SEC filing, the affected individuals were independent contractors, and no customer information or financial systems were accessed during the incident.

RCI Hospitality Holdings' response to the breach

The company is offering complimentary identity protection services through IDX. These services include credit monitoring, dark web monitoring, a $1 million identity fraud loss reimbursement policy and fully managed identity theft recovery services.

Affected individuals can enroll by visiting the IDX enrollment page or by using the enrollment code included in their notification letter. The deadline to enroll is Aug. 28, 2026.

For questions or assistance, affected individuals can call 1-855-326-3023, Monday through Friday from 9 a.m. to 9 p.m. Eastern Time.

SUBMIT YOUR CLAIM TO THE LAW FIRM HANDLING THIS INVESTIGATION

Types of INFORMATION affected
  • Names
    Names
  • Social security numbers
    Social Security Numbers
  • Dates of birth
    Dates of Birth
  • Addresses
    Addresses
  • Government IDs
    Government IDs
  • Medical Information
    Medical Info
  • Financial Info
    Financial Info
  • Affected information types not yet disclosed

Notice Letter

This browser does not support inline PDFs. Please download the PDF to view it: Download PDF

Consumers Notification date
May 28, 2026
Date of Breach
March 23, 2026
Breach Discovered Date
May 13, 2026
Total People Affected
40178
Information Types Exposed
  • names and contact information
  • dates of birth
  • social security numbers
  • driver’s license numbers
  • Name of individual
  • Social Security Number Information
  • Driver’s License number
  • first name
  • last name
  • passport number
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image