Millions of Job Seekers’ Resumes Exposed in Foh&Boh Data Breach
A major data exposure incident involving Foh&Boh, a U.S.-based hiring and onboarding platform for restaurants, hotels, and retailers, has left 5.4 million files, primarily CVs and resumes, publicly accessible via an unsecured AWS bucket. The breach, discovered by the Cybernews research team, exposed sensitive personal details that job applicants typically share with employers, including work history, contact information, and professional references.
The platform serves high-profile clients such as Taco Bell, KFC, Omni Hotels & Resorts, Nordstrom, and Hyatt Grand, raising concerns about the potential misuse of the leaked data. While the dataset was secured after multiple attempts to contact Foh&Boh, the exposure could have enabled targeted phishing attacks, identity theft, and financial fraud.
Researchers warned that cybercriminals could exploit the stolen information to craft highly personalized phishing emails, referencing specific job details or career interests to deceive victims. The data could also be weaponized for synthetic identity fraud, allowing attackers to open fraudulent bank accounts or apply for credit under victims’ names. Additionally, scammers might target financially vulnerable individuals with "get-rich-quick" schemes or impersonate past employers to extract further sensitive information.
The incident underscores the risks of misconfigured cloud storage, with experts recommending stricter access controls, encryption, and retrospective log reviews to prevent unauthorized access. While the bucket is no longer publicly accessible, the long-term impact on affected job seekers remains unclear.
Source: https://cybernews.com/security/foh-boh-hiring-platform-exposed-millions-resumes/
Foh&Boh cybersecurity rating report: https://www.rankiteo.com/company/foh-boh
KFC cybersecurity rating report: https://www.rankiteo.com/company/kfc
Nordstrom cybersecurity rating report: https://www.rankiteo.com/company/nordstrom
HYATT Hotels cybersecurity rating report: https://www.rankiteo.com/company/hyatt-hotels
Omni Hotels & Resorts cybersecurity rating report: https://www.rankiteo.com/company/omni-hotels
{
    "id": "FOHKFCNORHYAOMN1769001235",
    "linkid": "foh-boh, kfc, nordstrom, hyatt-hotels, omni-hotels",
    "type": "Breach",
    "date": "2/2025",
    "severity": "85",
    "impact": "4",
    "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': 'Job seekers (number unspecified)',
                        'industry': 'Human Resources, Hospitality, Retail',
                        'location': 'U.S.',
                        'name': 'Foh&Boh',
                        'type': 'Hiring and Onboarding Platform'},
                       {'industry': 'Food Service',
                        'location': 'U.S.',
                        'name': 'Taco Bell',
                        'type': 'Restaurant Chain'},
                       {'industry': 'Food Service',
                        'location': 'U.S.',
                        'name': 'KFC',
                        'type': 'Restaurant Chain'},
                       {'industry': 'Hospitality',
                        'location': 'U.S.',
                        'name': 'Omni Hotels & Resorts',
                        'type': 'Hotel Chain'},
                       {'industry': 'Retail',
                        'location': 'U.S.',
                        'name': 'Nordstrom',
                        'type': 'Retailer'},
                       {'industry': 'Hospitality',
                        'location': 'U.S.',
                        'name': 'Hyatt Grand',
                        'type': 'Hotel Chain'}],
 'attack_vector': 'Misconfigured Cloud Storage',
 'data_breach': {'number_of_records_exposed': '5.4 million files',
                 'personally_identifiable_information': 'Yes (contact information, work history, professional references)',
                 'sensitivity_of_data': 'High (work history, contact information, professional references)',
                 'type_of_data_compromised': ['CVs', 'Resumes']},
 'description': 'A major data exposure incident involving Foh&Boh, a U.S.-based hiring and onboarding platform for restaurants, hotels, and retailers, has left 5.4 million files (primarily CVs and resumes) publicly accessible via an unsecured AWS bucket. The breach exposed sensitive personal details such as work history, contact information, and professional references. The dataset was secured after multiple attempts to contact Foh&Boh, but the exposure could enable targeted phishing attacks, identity theft, and financial fraud.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage to Foh&Boh and its clients',
            'data_compromised': '5.4 million files (CVs and resumes)',
            'identity_theft_risk': 'High (synthetic identity fraud, financial fraud)',
            'systems_affected': 'AWS bucket'},
 'lessons_learned': 'Risks of misconfigured cloud storage; need for stricter access controls, encryption, and retrospective log reviews.',
 'post_incident_analysis': {'root_causes': 'Misconfigured AWS bucket'},
 'recommendations': ['Stricter access controls',
                     'Encryption',
                     'Retrospective log reviews'],
 'references': [{'source': 'Cybernews'}],
 'response': {'containment_measures': 'AWS bucket secured after multiple contact attempts',
              'third_party_assistance': 'Cybernews research team'},
 'title': 'Millions of Job Seekers’ Resumes Exposed in Foh&Boh Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Unsecured AWS bucket'}