RCI Hospitality Holdings Reports Data Breach Affecting 40,000 Individuals
RCI Hospitality Holdings, a major operator of adult nightclubs in the United States, has disclosed a data breach affecting approximately 40,000 individuals. The breach was discovered in March when an insecure direct object reference (IDOR) vulnerability was identified in an IIS web server managed by RCI Internet Services, a subsidiary of RCI Hospitality. This vulnerability allowed unauthorized access to sensitive personal information, including names, contact details, dates of birth, Social Security numbers, and driver's license numbers of numerous independent contractors. The company has informed the FBI and is cooperating with any investigations. Notification letters have been sent to affected individuals, and a review of the stolen files was completed in May. 
