RCI recognizes the importance of protecting information. RCI recently experienced a data security incident involving certain member and customer information. This notice explains what happened, what we have done in response, and steps you may wish to take.

We and many other companies use a third-party file transfer platform called MOVEit Transfer to exchange files over the internet. The developer of that platform, Progress Software, recently disclosed that there was a previously unknown vulnerability in the software. Unauthorized actors used that vulnerability to access many companies’ MOVEit Transfer platforms and take files from them.

Upon learning of the MOVEit Transfer vulnerability, we immediately followed the guidance from Progress Software for patching the MOVEit Transfer application and launched an investigation. A third-party forensic firm that has assisted other companies with similar situations was engaged. The evidence showed that the unauthorized actors accessed and took files from our MOVEit Transfer application.

During our review of the files involved, we determined that one or more of the files contained information of some members and customers, including name, address, telephone number, email, and member number. For some individuals, timeshare property contract number; reservation information, including resort name, resort location, and/or the date of the reservation; and/or transaction information related to payment of account fees, including the last four digits of credit card numbers and card carrier, was also included.

We want to assure you that we are taking it seriously. We encourage you to remain vigilant against incidents of identity theft, fraud, and phishing attempts by reviewing your financial statements for any unauthorized activity, verifying calls from unknown phone numbers, and not opening emails and links from unknown senders. You should immediately report any unauthorized activity involving your financial accounts directly to your financial institution.

We regret that this occurred and apologize for any inconvenience. If you have any questions about the incident, please email us at AfricaPrivacy@RCI.com at any time.