---
schema_version: "secwatch.filing_event.v1"
accession: "0001628280-26-024806"
form_type: "8-K"
ticker: "RICK"
cik: "0000935419"
company_name: "RCI HOSPITALITY HOLDINGS, INC."
filed_at: "2026-04-13T23:59:59+00:00"
generated_at: "2026-05-15T06:39:09.099627+00:00"
event_type: "cyber"
sentiment: "negative"
materiality_score: 0.7
calibrated_materiality_score: 0.7
confidence: "high"
source: SEC EDGAR
---

# RCI Hospitality discloses cybersecurity incident; contractor PII accessed, no customer data breached

## Summary
- Incident began March 19, 2026, discovered March 23; investigation concluded April 7.
- Personal info of independent contractors (names, DOB, SSN, DL#) accessed via IIS vulnerability.
- No customer or financial system access; data not publicly disseminated.
- Company enhanced security (MFA, disabled external IIS access) and has cyber insurance.
- Company believes incident will not have a material adverse effect on business operations.

## SEC filing metadata
- accession: 0001628280-26-024806
- form_type: 8-K
- ticker: RICK
- cik: 0000935419
- company_name: RCI HOSPITALITY HOLDINGS, INC.
- filed_at: 2026-04-13T23:59:59+00:00
- event_type: cyber
- sentiment: negative
- materiality_score: 0.7
- calibrated_materiality_score: 0.7
- confidence: high
- sec_items: 8.01, 9.01
- EDGAR index: https://www.sec.gov/Archives/edgar/data/935419/000162828026024806/0001628280-26-024806-index.htm
- EDGAR primary document: https://www.sec.gov/Archives/edgar/data/935419/000162828026024806/rick-20260407.htm

## Machine-readable alternates
- HTML: https://secwatch.observer/filing/0001628280-26-024806
- JSON: https://secwatch.observer/filing/0001628280-26-024806.json
- Plain text: https://secwatch.observer/filing/0001628280-26-024806.txt

This AI-assisted summary is a reading aid. Review the linked SEC EDGAR filing before relying on any specific claim.