RCI Hospitality, a prominent name in the nightclub industry, has disclosed a data breach incident that has compromised contractor data. The breach was reported in a filing with the U.S. Securities and Exchange Commission (SEC), highlighting the company's commitment to transparency in addressing the issue.
The breach was caused by an Insecure Direct Object Reference (IDOR) vulnerability within RCI Internet Services. This type of vulnerability occurs when an application gives direct access to an object based on an identifier taken from user-supplied input, without checking that the requester is authorized for that object. As a result, unauthorized individuals could access sensitive data belonging to RCI's contractors.
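The missing authorization check described above, next to a corrected lookup and a simple audit-log check for ID enumeration. This is an added illustration, not code from RCI or from the source article; the record layout, function names and sample values are assumptions constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Contractor:
    record_id: int
    owner: str    # account that owns this record
    tax_id: str   # sensitive field (constructed placeholder value)

# Constructed sample data (hypothetical records, not real ones).
RECORDS = {
    1001: Contractor(1001, "alice", "XXX-XX-0001"),
    1002: Contractor(1002, "bob", "XXX-XX-0002"),
}

class Forbidden(Exception):
    """Raised when the caller may not read the requested record."""

def get_record_vulnerable(session_user: str, record_id: int) -> Contractor:
    # IDOR: the caller is logged in, but the ID from the request is
    # trusted as-is and never compared against the session's identity.
    return RECORDS[record_id]

def get_record_checked(session_user: str, record_id: int, audit: list) -> Contractor:
    record = RECORDS.get(record_id)
    # Object-level authorization: the record must belong to the caller.
    # "Missing" and "not yours" get the same answer, so the endpoint
    # does not confirm which IDs exist.
    if record is None or record.owner != session_user:
        audit.append((session_user, record_id))  # keep denials for review
        raise Forbidden("record not available")
    return record

def flag_enumeration(audit: list, threshold: int = 3) -> list:
    """Return users denied on at least `threshold` distinct record IDs."""
    denied = {}
    for user, record_id in audit:
        denied.setdefault(user, set()).add(record_id)
    return sorted(u for u, ids in denied.items() if len(ids) >= threshold)
```

The check belongs on the server at every place a record is fetched by ID; replacing sequential IDs with random ones makes guessing harder but does not stand in for it.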
The exposure of contractor data poses significant risks, including identity theft and unauthorized access to personal information. Contractors associated with RCI Hospitality may find their personal and professional information at risk, necessitating immediate protective measures.
To mitigate potential damage, affected contractors are advised to remain vigilant by monitoring their financial accounts and personal information for any signs of misuse. Additionally, changing passwords and enabling two-factor authentication where possible can help enhance security.
RCI Hospitality's swift action in reporting the breach to the SEC demonstrates the importance of addressing cybersecurity vulnerabilities promptly. Organizations are reminded of the necessity to regularly audit their systems for such vulnerabilities and implement robust security measures to protect sensitive data from unauthorized access.
Source: https://www.securityweek.com/nightclub-giant-rci-hospitality-reports-data-breach/


