
Nightclub Giant RCI Says Data Breach Affects 40,000 Individuals

securityweek.com 2026-06-05 data leakage High

What Happened

The company detected a network intrusion in March and an investigation showed that some files were stolen during the attack.

Why It Matters

SecurityWeek reports that RCI Internet Services, a subsidiary of nightclub giant RCI Hospitality, suffered a hacking-related data breach in March 2026 in which an insecure direct object reference (IDOR) vulnerability on an IIS web server was exploited, exposing sensitive data on approximately 40,178 individuals, primarily independent contractors.[1][4][8] The compromised information includes highly sensitive personal identifiers such as names, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, and contact details, though the company states it has no evidence of public dissemination or misuse so far.[1][2][4]

From a CyberSE.AI perspective, this incident highlights the data leakage risk from vulnerable web applications that may be integrated into or queried by AI agents and workflows. Organizations should ensure access control flaws like IDOR are systematically tested, and that any AI systems consuming such back-end data enforce strict least-privilege access and logging. A structured AI Security Readiness Assessment would help identify where AI or automated agents might unintentionally broaden exposure of sensitive PII if they are given access to similarly vulne

Healthcare Fintech SaaS SMB AI startups

CyberSE Analysis

This signal maps to data leakage. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Restrict AI agent tool permissions and production write paths.
  • Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
  • Add human approval workflows for high-impact or state-changing actions.
  • Run prompt injection and indirect prompt injection tests against affected workflows.
  • Document the owner, control gap, and remediation deadline for this risk class.

Source

https://www.securityweek.com/nightclub-giant-rci-says-data-breach-affects-40000-individuals/
