What's Happening?
RCI Hospitality Holdings, a major operator of adult nightclubs in the United States, has disclosed a data breach affecting approximately 40,000 individuals. The breach was discovered in March when an insecure direct object reference (IDOR) vulnerability
was identified in an IIS web server managed by RCI Internet Services, a subsidiary of RCI Hospitality. This vulnerability allowed unauthorized access to sensitive personal information, including names, contact details, dates of birth, Social Security numbers, and driver's license numbers of numerous independent contractors. The company has informed the FBI and is cooperating with any investigations. Notification letters have been sent to affected individuals, and a review of the stolen files was completed in May.
Why It's Important?
The data breach at RCI Hospitality Holdings highlights significant cybersecurity vulnerabilities within the adult entertainment industry, which can have far-reaching implications for privacy and data protection. The exposure of sensitive personal information poses risks of identity theft and fraud for the affected individuals. This incident underscores the importance of robust cybersecurity measures and the need for companies to safeguard personal data against unauthorized access. The breach also raises concerns about the potential financial and reputational damage to RCI Hospitality Holdings, as well as the broader implications for the industry in terms of regulatory scrutiny and consumer trust.
