Nightclub Giant RCI Says Data Breach Affects 40,000 Individuals

0
Medium
Vulnerability
Published: Fri Jun 05 2026 (06/05/2026, 07:24:08 UTC)
Source: SecurityWeek

Description

RCI Hospitality Holdings experienced a data breach due to an insecure direct object reference (IDOR) vulnerability in an IIS web server, discovered in March 2026. This vulnerability allowed unauthorized access to personal information of approximately 40,000 individuals, including independent contractors. Exposed data includes names, contact details, dates of birth, Social Security numbers, and driver’s license numbers. The breach was disclosed in April 2026, with notification letters sent after a review of the stolen files was completed in May. The FBI has been informed, and RCI is cooperating with the investigation. No ransomware group or attacker has claimed responsibility. The vulnerability exploited is a known web application security issue where attackers manipulate URL parameters to access unauthorized data.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 06/05/2026, 07:33:42 UTC

Technical Analysis

In March 2026, RCI Hospitality Holdings discovered an insecure direct object reference (IDOR) vulnerability on an IIS web server operated by its RCI Internet Services subsidiary. This vulnerability enabled attackers to access personal information by altering URL parameters to retrieve data belonging to other users. The breach resulted in the theft of files containing sensitive personal information of roughly 40,000 individuals, including independent contractors. The compromised data includes personally identifiable information such as names, contact information, dates of birth, Social Security numbers, and driver’s license numbers. The incident was reported to authorities, including the FBI, and the company is cooperating with ongoing investigations. No details about the attacker or exploitation methods beyond the IDOR vulnerability have been disclosed.

Potential Impact

The breach exposed sensitive personal information of approximately 40,000 individuals, including highly sensitive data such as Social Security numbers and driver’s license numbers. This exposure increases the risk of identity theft and fraud for affected individuals. The incident also impacts RCI Hospitality Holdings' reputation and may result in regulatory scrutiny. There is no indication of ransomware involvement or further exploitation beyond the data theft. The FBI is involved in the investigation.

Mitigation Recommendations

RCI Hospitality Holdings identified and disclosed the IDOR vulnerability that led to the breach. While no specific patch details are provided, remediation of IDOR vulnerabilities typically involves implementing proper access controls and authorization checks on web server resources. Organizations should review and secure web application endpoints to prevent unauthorized data access. Since this is not a cloud service, remediation responsibility lies with RCI. Affected individuals have been notified. The FBI is investigating, and RCI is cooperating. Patch status is not explicitly confirmed; check with RCI or relevant advisories for updates.

Technical Details

Article Source
{"url":"https://www.securityweek.com/nightclub-giant-rci-says-data-breach-affects-40000-individuals/","fetched":true,"fetchedAt":"2026-06-05T07:33:37.422Z","wordCount":964}

Threat ID: 6a227bd1e29bf47b5046eb18

Added to database: 6/5/2026, 7:33:37 AM

Last enriched: 6/5/2026, 7:33:42 AM

Last updated: 6/5/2026, 9:13:03 AM
