The company said in an SEC filing that an IDOR vulnerability affecting RCI Internet Services exposed contractor data.

Adult nightclub giant RCI Hospitality Holdings on Monday disclosed a cybersecurity incident that exposed sensitive personal information.

RCI Hospitality has disclosed a data breach involving its RCI Internet Services subsidiary, following the discovery of a security vulnerability that exposed sensitive personal information. According to a recent SEC filing, the company identified the issue on March 23, linking it to an insecure direct object reference (IDOR) vulnerability within an IIS web server.

An internal investigation revealed that the incident began on March 19, allowing unauthorized access to data belonging to numerous independent contractors. The compromised information includes names, dates of birth, contact details, Social Security numbers, and driver’s license numbers – raising concerns about potential identity theft risks.

RCI Hospitality stated that, to its knowledge, the exposed data has not been publicly disseminated. The company also confirmed that no customer information or financial systems were impacted, and that its core business operations remained unaffected. Additionally, the organization does not expect the incident to have a material financial impact.

While the exact number of affected individuals has not been disclosed, RCI Hospitality is one of the largest adult nightclub operators in the United States, with a broad portfolio that includes well-known brands such as Rick’s and Tootsie’s, along with multiple sports bars and entertainment venues.

The breach was traced to an IDOR vulnerability, a type of web application flaw that allows attackers to manipulate request parameters – such as account IDs or file references – to gain unauthorized access to restricted data. These vulnerabilities typically arise when systems fail to properly validate user permissions before granting access to requested resources.
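The access-control failure described above, shown beside its corrected form. This is an added example, not code from RCI Hospitality or its SEC filing; the record store, user names and function names are constructed for illustration.

```python
# Added illustration: all names and records are constructed, not from the incident.
from dataclasses import dataclass


@dataclass(frozen=True)
class ContractorRecord:
    record_id: int
    owner_user_id: str   # account the record belongs to
    name: str
    ssn: str


# Constructed sample data standing in for a contractor database.
RECORDS = {
    1001: ContractorRecord(1001, "alice", "Alice Example", "000-00-0001"),
    1002: ContractorRecord(1002, "bob", "Bob Example", "000-00-0002"),
}


class Forbidden(Exception):
    """Raised when the caller is not authorized for the requested object."""


def get_record_vulnerable(session_user: str, record_id: int) -> ContractorRecord:
    # IDOR: the handler trusts the client-supplied ID. Being logged in is
    # treated as sufficient, so any user can read any record by changing the ID.
    return RECORDS[record_id]


def get_record_hardened(session_user: str, record_id: int,
                        admins: frozenset = frozenset()) -> ContractorRecord:
    # Object-level authorization: the decision uses the server-side session
    # identity and the record's owner, never anything the client asserts.
    record = RECORDS.get(record_id)
    # Same error for "missing" and "not yours", so responses cannot be used
    # to learn which IDs exist.
    if record is None or (record.owner_user_id != session_user
                          and session_user not in admins):
        raise Forbidden(f"user {session_user!r} may not read record {record_id}")
    return record


def is_denied(session_user: str, record_id: int) -> bool:
    """True if the hardened accessor refuses the request."""
    try:
        get_record_hardened(session_user, record_id)
        return False
    except Forbidden:
        return True
```

The hardened accessor makes the authorization decision per object on every request, which is the check the vulnerable version omits.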

At this stage, no known cybercriminal group has claimed responsibility for the incident. RCI Hospitality has characterized the event as unauthorized access and has not indicated any further escalation or misuse of the compromised data.

The company continues to monitor the situation while reinforcing its security measures to prevent similar vulnerabilities in the future. The incident highlights the ongoing risks associated with web application security gaps and the importance of robust access control mechanisms in protecting sensitive information.
