Leading U.S. hiring and onboarding platform Foh&Boh — which counts KFC, Nordstrom, and Omni Hotels & Resorts as its clients — had 5.4 million job applicant records, most of which are resumes and curricula vitae, exposed as a result of a misconfigured AWS bucket, which was only secured in early January despite being identified in September, Cybernews reports.
Included in the leaked records were individuals' names, birthdates, birthplaces, phone numbers, email addresses, nationalities, employment histories, educational backgrounds, and social media links, according to Cybernews researchers, who noted that such information could be exploited in targeted phishing campaigns and malware intrusions."The leak significantly heightens the risk of identity theft, enabling cybercriminals to create synthetic identities or fraudulent accounts, leaving individuals exposed to a range of sophisticated cyberattacks," said researchers.Organizations have been urged to adopt more restricted access controls, server-side encryption, the AWS Key Management Service, and SSL/TLS protocols to better protect their data from inadvertent exposure.
Included in the leaked records were individuals' names, birthdates, birthplaces, phone numbers, email addresses, nationalities, employment histories, educational backgrounds, and social media links, according to Cybernews researchers, who noted that such information could be exploited in targeted phishing campaigns and malware intrusions."The leak significantly heightens the risk of identity theft, enabling cybercriminals to create synthetic identities or fraudulent accounts, leaving individuals exposed to a range of sophisticated cyberattacks," said researchers.Organizations have been urged to adopt more restricted access controls, server-side encryption, the AWS Key Management Service, and SSL/TLS protocols to better protect their data from inadvertent exposure.
