RCI Hospitality Reports Data Breach Due to IDOR Vulnerability

RCI Hospitality, a nightclub and hospitality company, reported a data breach involving an Insecure Direct Object Reference (IDOR) vulnerability in its RCI Internet Services platform. The breach exposed contractor data, as disclosed in a filing with the U.S. Securities and Exchange Commission (SEC). No specific dates, affected record counts, or technical identifiers (e.g., CVE IDs) were provided in the report. The incident was attributed to a security flaw in the company’s online services, though further details on the scope or impact remain undisclosed. The disclosure was made public via SecurityWeek’s reporting.