RCI Hospitality Notifies 40K on Data Breach
Adult nightclub operator RCI Hospitality Holdings disclosed to state authorities that a March 2026 network intrusion impacted roughly 40,000 individuals, primarily independent contractors. The company completed notifications this week, with personal information including SSNs and driver's licenses exposed via an IDOR vulnerability.
- names
- ssn
- drivers-license
- contact-info
- dates-of-birth
RCI Hospitality Holdings, the operator of numerous adult nightclubs across the United States, has notified approximately 40,000 individuals that their personal data was exposed in a network intrusion that occurred in March 2026.
According to the company's regulatory filings, the breach stemmed from an Insecure Direct Object Reference (IDOR) vulnerability that allowed unauthorized access to sensitive records. The compromised information includes full names, Social Security numbers, driver's license details, contact information, and dates of birth. Public reporting indicates the majority of those affected were independent contractors who worked with the company's venues. RCI completed its breach notifications to impacted individuals and state authorities in the first week of June 2026.
Want the rest of this breakdown?
Sign up free to keep reading. Members get extended access, the weekly breach digest, and a complimentary Warden™ to see if their identity is exposed in the breaches we cover.
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →