RCI Hospitality Holdings, a major adult nightclub operator in the U.S., reported a data breach affecting around 40,000 individuals. The breach was due to an insecure direct object reference (IDOR) vulnerability found in one of its IIS web servers, which allowed unauthorized access to personal information such as names, contact details, and Social Security numbers.
The company notified the affected individuals and completed a review of the stolen files by May 13; it also informed the FBI and agreed to cooperate with investigations. No known ransomware group claimed responsibility for the breach.