RCI Internet Services recently disclosed a cybersecurity incident involving unauthorized access to company files. The breach affected 40,178 individuals, including 257 Maine residents, and may have exposed highly sensitive personal information such as Social Security numbers, driver’s license numbers, and passport numbers.
RCI Internet Services’s Data Breach Investigation
RCI Internet Services, Inc. (“RCI”) recently notified affected individuals of a data security incident involving unauthorized access to company systems. According to the company’s notification letter, RCI became aware of a network disruption on March 23, 2026, and immediately launched an investigation with the assistance of independent cybersecurity experts.
The investigation determined that certain files were accessed and acquired without authorization on March 19, 2026. Following the discovery of the incident, RCI conducted a comprehensive review of the affected files to determine what information was involved and identify the individuals whose data may have been exposed. On May 13, 2026, the company confirmed that personal information belonging to affected individuals was contained within the compromised files.
According to regulatory filings, the incident affected 40,178 individuals, including 257 Maine residents. The breach has been classified as an external system breach involving hacking. While RCI stated that it had not identified evidence of misuse or attempted misuse of the affected information at the time notices were sent, exposure of the information involved could create significant risks for identity theft and fraud.
The company reported that the compromised information may include names together with Social Security numbers, driver’s license numbers, and passport numbers. These categories of information are particularly sensitive because they may be used by criminals to open fraudulent accounts, commit identity theft, obtain government benefits, or engage in other forms of financial fraud.
In response to the incident, RCI stated that it enhanced security measures, notified the Federal Bureau of Investigation, and committed to cooperating with any resulting investigation. The company is also providing affected individuals with complimentary identity protection services through IDX. These services include credit monitoring, dark web monitoring, identity theft recovery services, and a $1 million identity fraud loss reimbursement policy. Enrollment in the services is available through August 28, 2026.
Data breaches involving government-issued identification documents and Social Security numbers often create long-term concerns for consumers. Even if there is no immediate evidence of misuse, affected individuals may spend months or years monitoring financial accounts, reviewing credit reports, and protecting themselves from potential fraud.
Class Action U believes consumers deserve transparency and accountability when sensitive personal information is exposed. Individuals who receive a notification from RCI may wish to learn more about their legal rights and available options following this incident.
When Did This Breach Occur?
According to RCI Internet Services:
- Date Breach Occurred: March 19, 2026
- Date Breach Discovered: March 23, 2026
- Date Information Review Completed: May 13, 2026
- Notification Letters Sent: May 28, 2026
- Type of Incident: External system breach (hacking)
- Individuals Affected: 40,178
- Maine Residents Affected: 257
The company reported that unauthorized access and acquisition of certain files occurred on March 19, 2026.
What Information Was Breached?
According to RCI’s notification, the potentially exposed information may have included:
- Name
- Social Security number
- Driver’s license number
- Passport number
The specific information involved may vary depending on the affected individual.
What You Can Do
If you received a notification from RCI Internet Services, consider taking the following steps:
- Enroll in the complimentary IDX identity protection services.
- Monitor your credit reports for suspicious activity.
- Review financial accounts and statements regularly.
- Consider placing a fraud alert or credit freeze with the major credit bureaus.
- Watch for signs of identity theft, tax fraud, or unauthorized account openings.
- Keep records of any expenses or time spent addressing issues related to the breach.
Consumers who have been affected by a data breach may also wish to learn more about their legal rights and determine whether compensation may be available for harms associated with the exposure of sensitive information.
File a Data Breach Lawsuit Against RCI Internet Services
If you received a data breach notification from RCI Internet Services, you may have legal rights. Organizations that collect and store sensitive personal information are expected to implement reasonable safeguards to protect that data from unauthorized access. When information such as Social Security numbers, driver’s license numbers, and passport numbers is exposed, affected individuals may face significant identity theft and fraud risks.
A data breach lawsuit may seek compensation for damages associated with loss of privacy, identity theft concerns, time spent monitoring accounts, out-of-pocket expenses, and other harms resulting from the exposure of sensitive information.
Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.
