RCI Data Breach Investigation

Turke & Strauss LLP, a leading data breach law firm, is investigating RCI, LLC regarding its recent data breach. The RCI data breach involved personal identifiable information belonging to an undetermined number of individuals.


RCI is a travel arrangements company based in Indiana. Founded in 1974, RCI is a vacation exchange and global travel network with more than 750,000 available exchange and rental vacation accommodations around the world at any time.2 Today, 3.5 million members around the world use the RCI network to unlock access at more than 4,000 affiliated resorts in approximately 110 countries, plus great deals on hotels, activities, flights, and more.3 Headquartered in Indianapolis, Indiana, RCI employs over 1,000 individuals.


Recently, RCI discovered that it had experienced a data breach in which personal identifiable information may have been accessed and acquired. Through its investigation, RCI determined that an unauthorized party may have accessed this sensitive information through a vulnerability in MOVEit Transfer, a file sharing software used by RCI, between May 31, 2023, and June 1, 2023. As a result, RCI began notifying individuals whose information may have been impacted. The type of information potentially exposed includes:

  • Name
  • Social Security number
  • Address
  • Tax identification number
  • Other government identification number

If you received a breach notification letter from RCI, LLC:

We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at (608) 237-1775 or sam@turkestrauss.com.

If you were impacted by the RCI data breach, you may consider taking the following steps to protect your personal information.

  1. Carefully review the breach notice and retain a copy;
  2. Enroll in any free credit monitoring services provided by RCI, LLC:
  3. Change passwords and security questions for online accounts;
  4. Regularly review account statements for signs of fraud or unauthorized activity;
  5. Monitor credit reports for signs of identity theft; and
  6. Contact a credit bureau(s) to request a temporary fraud alert.

Share This Post: