Hiring Platform Foh&Boh Exposes 5.4 Million Job Seekers’ Resumes in Unsecured AWS Bucket
A major data exposure incident has left the personal details of millions of job seekers vulnerable after U.S.-based hiring and onboarding platform Foh&Boh accidentally left an AWS S3 bucket unsecured, containing 5.4 million files, primarily CVs and resumes. The breach, discovered by the Cybernews research team, exposed sensitive applicant information, including work history, contact details, and personal identifiers, which could be exploited for identity theft, phishing attacks, and financial fraud.
Foh&Boh serves high-profile clients in the restaurant, hotel, and retail industries, including Taco Bell, KFC, Omni Hotels & Resorts, Nordstrom, and Hyatt Grand. The exposed data could allow cybercriminals to craft highly targeted phishing emails, referencing specific job applications or career details to deceive victims into revealing financial information or installing malware. Researchers warned that attackers might also use the data to open fraudulent bank accounts, apply for credit, or launch synthetic identity scams, particularly targeting individuals in vulnerable financial situations.
The unsecured bucket was closed after multiple attempts to contact Foh&Boh, but the extent of unauthorized access remains unclear. The incident underscores the risks of misconfigured cloud storage, with experts recommending stricter access controls, encryption, and log reviews to prevent similar exposures.
This breach follows another recent incident involving Luxshare, a key Apple supplier, where a ransomware group allegedly stole confidential data from Apple, Nvidia, and LG. The Foh&Boh leak highlights the growing threat of resume-based cyberattacks, where attackers leverage personal data to bypass security measures and exploit job seekers.
Source: https://cybernews.com/security/foh-boh-hiring-platform-exposed-millions-resumes/
Nordstrom TPRM report: https://www.rankiteo.com/company/nordstrom
KFC TPRM report: https://www.rankiteo.com/company/kfc
Foh&Boh TPRM report: https://www.rankiteo.com/company/foh-boh
Taco Bell TPRM report: https://www.rankiteo.com/company/taco-bell
Hyatt Grand TPRM report: https://www.rankiteo.com/company/hyatt
{
  "id": "norkfcfohtachya1769001351",
  "linkid": "nordstrom, kfc, foh-boh, taco-bell, hyatt",
  "type": "Breach",
  "date": "2/2025",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': '5.4 million job seekers',
'industry': 'Human Resources, Recruitment',
'location': 'U.S.',
'name': 'Foh&Boh',
'type': 'Hiring/Onboarding Platform'},
{'industry': 'Food Service',
'name': 'Taco Bell',
'type': 'Restaurant'},
{'industry': 'Food Service',
'name': 'KFC',
'type': 'Restaurant'},
{'industry': 'Hospitality',
'name': 'Omni Hotels & Resorts',
'type': 'Hotel'},
{'industry': 'Retail',
'name': 'Nordstrom',
'type': 'Retail'},
{'industry': 'Hospitality',
'name': 'Hyatt Grand',
'type': 'Hotel'}],
'attack_vector': 'Misconfigured AWS S3 bucket',
'data_breach': {'file_types_exposed': ['PDF', 'DOC', 'DOCX (assumed)'],
'number_of_records_exposed': '5.4 million files',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (personally identifiable '
'information)',
'type_of_data_compromised': ['CVs',
'Resumes',
'Work history',
'Contact details',
'Personal identifiers']},
'description': 'A major data exposure incident has left the personal details '
'of millions of job seekers vulnerable after U.S.-based hiring '
'and onboarding platform Foh&Boh accidentally left an AWS S3 '
'bucket unsecured, containing 5.4 million files primarily CVs '
'and resumes. The breach exposed sensitive applicant '
'information, including work history, contact details, and '
'personal identifiers, which could be exploited for identity '
'theft, phishing attacks, and financial fraud.',
'impact': {'brand_reputation_impact': 'High (exposure of sensitive job seeker '
'data)',
'data_compromised': '5.4 million files (CVs/resumes)',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential (regulatory violations, identity '
'theft risks)',
'systems_affected': 'AWS S3 bucket'},
'investigation_status': 'Unclear (extent of unauthorized access unknown)',
'lessons_learned': 'Incident underscores risks of misconfigured cloud storage '
'and the need for stricter access controls, encryption, '
'and log reviews.',
'motivation': 'Opportunistic (unauthorized access due to misconfiguration)',
'post_incident_analysis': {'root_causes': 'Misconfigured AWS S3 bucket '
'(unsecured storage)'},
'recommendations': ['Stricter access controls',
'Encryption of sensitive data',
'Regular log reviews',
'Enhanced monitoring'],
'references': [{'source': 'Cybernews research team'}],
'response': {'containment_measures': 'AWS S3 bucket secured after multiple '
'contact attempts',
'enhanced_monitoring': 'Recommended (stricter access controls, '
'encryption, log reviews)'},
'title': 'Hiring Platform Foh&Boh Exposes 5.4 Million Job Seekers’ Resumes in '
'Unsecured AWS Bucket',
'type': 'Data Exposure',
'vulnerability_exploited': 'Unsecured cloud storage'}