Foh&Boh data leak leaves millions of CVs exposed – KFC, Taco Bell, Nordstrom applicants at risk


  • A hiring company has reportedly left millions of CVs in a publicly accessible AWS bucket
  • Foh&Boh has partnerships with leading food and hospitality services
  • The dataset is now closed, but users may still be at risk

A dataset containing a staggering 5.4 million files has been discovered by researchers online, and is believed to be primarily CVs (resumes) from hiring giant Foh&Boh.

Researchers from CyberNews discovered the publicly accessible AWS bucket containing the exposed records, and after ‘multiple attempts to reach the company’, the dataset was closed.

It’s not clear whether malicious actors have accessed the dataset, but cybercriminals often have automated tools to scan the internet for unprotected instances, and immediately download them, so victims still face very real risks – here’s what we know so far.

Plenty of personal data

The hiring platform, Foh&Boh, aims to ‘find and recruit talent for the hospitality industry’, and partners with independent restaurants, franchises, hospitality groups, and ‘some of the world’s largest hotel chains’. The platform boasts partnerships with industry giants like Nobu, Taco Bell, and KFC.

Of course, CVs contain personally identifiable information (PII), and the research team claims this leak includes full names, phone numbers, email addresses, social media links, and employment and education histories, among others.

The data was available online for a fairly significant period of time, with discovery on September 16, 2024, initial disclosure on October 22, 2024, and the leak closed on January 8, 2025.

This, like all data leaks, leaves those exposed in danger. Primarily, the concern is identity theft, especially since a CV hands a comprehensive set of personal details over to potential attackers.

“The leak significantly heightens the risk of identity theft, enabling cybercriminals to create synthetic identities or fraudulent accounts, leaving individuals exposed to a range of sophisticated cyberattacks,” the researchers said.

This might sound familiar to some, as just two days ago, on February 4, 2025, a large dataset containing over a million CVs stored by Valley News Live was discovered, so it’s a pretty lousy week for jobseekers.

Data breaches have unfortunately become a part of life for anyone on the web. In 2024, one single breach leaked the details of 100 million Americans (although the total is now reported at 190 million – so almost 75% of US adults) – which just shows that no-one is safe.

Social engineering attacks are another risk with breached credentials. These commonly come in the form of phishing campaigns and are designed around the information hackers have obtained, often appearing to know the victim personally or preying on people in difficult financial situations by offering ‘get rich quick’ scams.

“Attackers could craft highly personalized emails referencing specific job details or interests from the resumes, making their phishing attempts ever more convincing,” the researchers said. “This targeted approach could deceive candidates more easily, exposing them to further risks.”

How to stay safe

To protect yourself from the risk of identity theft, it’s crucial to keep a close eye on all of your accounts. Monitoring your cards, statements, and transactions for any suspicious activity means that you can quickly identify any issues.

If a service you use has suffered a data breach, make sure you change your password – and probably your passwords to any site that would hold sensitive information. If you’d like some tips on how to choose a secure password, we’ve listed some here.

In short, include capital and lowercase letters, numbers, and special characters – and never reuse a password, especially for sites that carry important information like health or financial data.

If that all seems a little overwhelming, we’ve tested out all the best password managers and the best password generators to simplify the process.

Phishing attacks are most commonly delivered in the form of emails, so be very cautious of any email that urges you to take action, or one which rushes you to click a link or download a file.

Double-check domain names and email addresses for look-alike spellings, such as supp0rt@google instead of support@google, as this is a big indicator that something may not be right.

We’ve made a comprehensive guide on how to spot a phishing email for anyone who wants to make sure they’re wise to scammers’ tricks.
