RCI Internet Services
Data Breach Class Action Lawsuit

Posted: June 3, 2026 -- RCI Internet Services data breach class action lawsuit investigation.

Abington Cole + Ellery is investigating the data breach recently announced by RCI Internet Services and may be filing a class action lawsuit on behalf of victims.

RCI Internet Services Data Breach Summary:

In late-May of 2026, RCI Internet Services disclosed a security incident involving unauthorized access to sensitive data, which took place on or around March 19, 2026. Approximately 40,000 individuals were affected by the RCI Internet Services data breach, and breached data may include, but is not necessarily limited to: name, Social Security number, driver’s license number, and passport number. As a result of the data breach, RCI Internet Services is offering 12 months of free credit monitoring and/or identity theft protection services to some affected individuals.

FREE CONSULTATION: If you are a victim of the RCI Internet Services data breach, and interested in potentially volunteering to serve as a class representative in a class action lawsuit against RCI Internet Services, please submit your information here to be considered:

An attorney-client relationship is not formed by submitting information through this website.

RCI Internet Services Data Breach Details:

RCI Internet Services, Inc. disclosed a data security incident tied to its parent-company network, RCI Hospitality Holdings. According to RCI Hospitality’s SEC filing, RCI Internet Services discovered the incident on March 23, 2026, and determined that the activity had begun on March 19, 2026. The company said the event did not interrupt business operations, but it did involve unauthorized access to personal information belonging to numerous independent contractors. The company also stated that customer information and financial systems were not accessed.

RCI said its investigation found a potential IDOR vulnerability on its IIS web server. RCI said it brought in outside cybersecurity firms, completed its investigation on April 7, 2026, expanded multifactor authentication, and disabled external access to the affected IIS server. SecurityWeek reported the same basic explanation and noted that no known cybercrime group had publicly claimed responsibility for the incident at the time of its report.

RCI Internet Services reported that certain files were accessed and acquired without authorization on March 19, 2026; the affected information may have included names, contact information, dates of birth, Social Security numbers, driver’s license numbers, and passport numbers. RCI said it had notified the FBI, and offered affected individuals complimentary IDX identity-protection services, including credit monitoring, dark web monitoring, identity theft recovery, and a $1 million identity fraud loss reimbursement policy.

Additional information about the RCI Internet Services data breach may be found here: RCI Internet Services Data Breach Notice (Maine Attorney General).

About RCI Internet Services:

RCI Internet Services, Inc. is a Houston-based subsidiary of RCI Hospitality Holdings, Inc., a publicly traded company whose subsidiaries operate adult nightclubs, sports bars, restaurants, and related support businesses. Public information about RCI Internet Services as a standalone entity is limited, but SEC filings identify it as part of the RCI Hospitality corporate structure, and RCI Hospitality’s website uses RCI Internet Services in its copyright notice. The company appears to function within the broader RCI Hospitality network rather than as a widely marketed independent brand.

Additional Information:

RCI HOSPITALITY HOLDINGS, INC. FORM 8-K (April 7, 2026)

LinkedIn: RCI Internet Services, Inc.

SecurityWeek: Nightclub Giant RCI Hospitality Reports Data Breach

For more information about steps you can take to possibly reduce the chances harm arising from a data breach, please review the following article: What are some steps you can take if you've been the victim of a data breach?

If you believe you are a victim of the RCI Internet Services data breach, and if you would like to volunteer to serve as a class representative in a class action lawsuit regarding this data breach, please submit your information via the form on this webpage. This website is not associated with nor authorized by RCI Internet Services or any affiliated companies. If you have received any other data breach notifications, you may to review Abington Cole + Ellery's current list of data breach investigations.