- According to reports, a hiring company has left millions of CVs in a publicly accessible AWS bucket
- FOH & BOH has associations with leading food and hospitality
- The data set is now closed, but users can still be at risk
Researchers have discovered a data set containing an amazing 5 million files, believed to be mainly CVs (curricula vitae) held by the hiring giant FOH & BOH.
Cybernews researchers discovered the publicly accessible AWS bucket containing the records, and after ‘multiple attempts to reach the company’, the data set was closed.
It is not clear whether malicious actors have accessed the data set, but cybercriminals often have automated tools that scan the Internet for unprotected instances and immediately download them, so the victims still face very real risks. This is what we know so far.
A lot of personal data
The hiring platform, FOH & BOH, aims to “find and recruit talent for the hotel industry”, and is associated with independent restaurants, franchises, hospitality groups and “some of the largest hotel chains in the world.” The platform has associations with industry giants such as Nobu, Taco Bell and KFC.
Of course, CVs contain personally identifiable information (PII), and the research team states that this leak includes full names, telephone numbers, email addresses, social media links and employment and education histories, among others.
The data was available online for a fairly significant period of time: it was discovered on September 16, 2024, the initial disclosure was made on October 22, 2024, and the leak was closed on January 8, 2025.
This, like all data leaks, leaves those exposed in danger. The main concern is identity theft, especially because a CV hands a comprehensive set of personal data to would-be attackers.
“The escape significantly increases the risk of identity theft, which allows cybercriminals to create synthetic identities or fraudulent accounts, leaving people exposed to a variety of sophisticated cyber attacks,” the researchers said.
This may sound familiar to some, since only two days ago, on February 4, 2025, a large data set was discovered containing more than one million CVs stored by Valley News Live, so it is a very lousy week for job applicants.
Unfortunately, data breaches have become part of life for anyone on the web. In 2024, a single breach leaked the details of 100 million Americans (although the total is now reported as 190 million, so almost 75% of American adults), which only shows that no one is safe.
Another risk with breached credentials is social engineering attacks. These commonly come in the form of phishing campaigns designed around the information that hackers have obtained; they often seem to know the victim personally, or take advantage of people in difficult financial situations by offering ‘get rich quick’ scams.
“The attackers could create highly personalized emails that refer to specific details or interests of the curriculums, which makes their phishing attempts more and more convincing,” the researchers said. “This directed approach could fool the candidates more easily, exposing them to greater risks.”
How to stay safe
To protect yourself from the risk of identity theft, it is crucial to closely monitor all your accounts. Monitoring your cards, statements and transactions for any suspicious activity means that you can quickly identify any problem.
If a service you use has suffered a data breach, be sure to change your password, and probably your passwords for any sites containing confidential information. If you want some tips on how to choose a safe password, we have listed some here.
In summary, include uppercase and lowercase letters, numbers and special characters, and never reuse a password, especially for sites that carry important information such as health or financial data.
If all that seems a bit overwhelming, we have tested all the best password managers and the best password generators to simplify the process.
Phishing attacks are most commonly delivered in the form of emails, so be very careful with any email that urges you to take action, or one that rushes you to click on a link or download a file.
Double-check domain names and email addresses for substitutions such as Supp0rt@Google instead of support@Google, since this is a great indicator that something may not be correct.
We have made a complete guide on how to detect a phishing email for anyone who wants to make sure they are wise to the tricks of scammers.
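The address check described above can be automated for a mailbox or help desk. The following is an added example, not code from the original article: the function names, the fold table and the allow-list are assumptions made for illustration, and it extends the Supp0rt/support case to Cyrillic look-alikes and the "rn" for "m" trick.

```python
import unicodedata

# Small illustrative fold table (an assumption of this example, not a complete
# Unicode confusables list): digits and Cyrillic letters that pass for Latin.
FOLD = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
})


def skeleton(address):
    """Reduce an address to the form a hurried reader would perceive."""
    text = unicodedata.normalize("NFKC", address.strip()).lower()
    # "rn" is easily read as "m" in many fonts (".corn" for ".com").
    return text.translate(FOLD).replace("rn", "m")


def check_sender(address, trusted):
    """Classify a sender as 'trusted', 'lookalike of <addr>' or 'unknown'."""
    exact = address.strip().lower()
    if any(exact == t.lower() for t in trusted):
        return "trusted"
    for t in trusted:
        # Same skeleton but different raw text: built to be misread as t.
        if skeleton(address) == skeleton(t):
            return f"lookalike of {t}"
    return "unknown"


if __name__ == "__main__":
    # Constructed allow-list and sender samples; the first pair is the
    # article's own Supp0rt@Google / support@Google illustration.
    trusted = ["support@Google", "billing@example.com"]
    samples = [
        "support@Google",
        "Supp0rt@Google",
        "supp\u043ert@Google",      # Cyrillic "o"
        "billing@example.corn",     # "rn" standing in for "m"
        "newsletter@example.org",
    ]
    for sender in samples:
        print(f"{sender!r:32} -> {check_sender(sender, trusted)}")
```

A "lookalike" verdict is a reason to quarantine or flag the message for review; an "unknown" sender is simply not on the allow-list and needs the usual scrutiny.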