Read the original SEC filing excerpt
ITEM 8.01 OTHER EVENTS. RCI Internet Services, Inc., a subsidiary of RCI Hospitality Holdings, Inc., (the "Company"), recently discovered on March 23, 2026 that it sustained a cybersecurity incident starting March 19, 2026. The incident did not impact the business operations of the Company. Upon detecting the incident, the Company promptly took steps to investigate and respond with the assistance of third-party cybersecurity firms. As the investigation concluded on April 7, 2026, the Company learned that a potential insecure direct object reference vulnerability was present on its internet information services ("IIS") web server. To remediate, the Company promptly enhanced its technical security posture, including expanding the use of multifactor authentication and disabling external access to the IIS. As a result of this incident, the Company believes that certain personal information, including names and contact information, dates of birth, social security numbers, and driver's license numbers, with respect to numerous independent contractors was accessed without authorization. To the Company's knowledge, the unauthorized actor has not publicly disseminated the data. None of our customer information or financial systems were accessed. The Company is continuing to review the impacted data and will provide the required notifications to affected parties and applicable regulatory entities. As of the date of this filing, the Company believes that the incident will not have a material adverse effect on its business operations. The Company continues to investigate the incident and will incur expenses in the fiscal year directly and indirectly related to the event. The Company maintains a comprehensive cybersecurity insurance policy, which covers costs associated with the incident response, investigatory and remediation expense, potential regulatory action, business interruption, and costs associated with investigating, defending, and resolving legal proceedings related to the incident, subject to deductibles, exclusions and limits. Filed under Item 8.01; company has not formally determined materiality under Item 1.05 as of the filing date.