RCI Hospitality Experiences Major Data Breach at Nightclubs
Data Breach at RCI Hospitality Exposes Sensitive Information
RCI Hospitality, a leading adult nightclub operator in the US, has suffered a data breach affecting numerous independent contractors. An investigation revealed an insecure direct object reference (IDOR) vulnerability in an IIS web server allowed unauthorized access to sensitive information.
Breach Details
- The breach occurred on March 19 and was discovered on March 23.
- Exposed information includes names, dates of birth, contact details, Social Security numbers, and driver’s license numbers.
- No customer information or financial systems were accessed, and business operations remained unaffected.
An IDOR vulnerability occurs when a website uses an identifier, such as an account number or file name, to retrieve a record without verifying the user’s permissions.
Although no known cybercrime group has taken credit for the attack, t
About Author
English