Rockstar Games confirmed that an unnamed third-party vendor was breached, resulting in unauthorized access to a self-described limited amount of non-material company information; a threat actor has issued a pay-or-leak extortion ultimatum. No CVE applies as this is a third-party breach incident rather than a software vulnerability, and no confirmed IOCs have been published. Organizations should use this incident as a prompt to audit active third-party vendor connections with access to internal corporate data, review CASB and DLP logs for anomalous vendor-originated data transfers, and validate their third-party risk management program against NIST SP 800-53 SA-9 controls.