Job seekers might love to complain about LinkedIn, but it’s a new hiring platform that has committed the ultimate faux pas. Millions of resumes and CVs have been leaked via a service called Foh&Boh, which manages applications for popular retail, restaurant, and hospitality corporations.
Data Uploaded to Foh&Boh Has Been Exposed
A research team from Cybernews has discovered that millions of CVs and resumes have been accidentally exposed by Foh&Boh, a hiring and onboarding platform that works with some widely recognizable US-based companies, including:
This means that if you’ve applied for jobs at one of these places or others using Foh&Boh, your personal data might have found its way into the hands of a cybercriminal.
According to the researchCybernews publishedtoday, “5.4 million files” stored in an Amazon Web Services (AWS) bucket, or cloud storage system, were exposed to the public from at least September 2024. The leak was shut down in January 2025. Because those files were largely job application materials, they included details like phone numbers, email addresses, dates of birth, and employment history—among other personal data.
How Could the Foh&Boh Leak Affect You?
Unfortunately, this type of leak is ripe for identity theft and phishing schemes. The Cybernews researchers put it this way:
“The leak significantly heightens the risk of identity theft, enabling cybercriminals to create synthetic identities or fraudulent accounts, leaving individuals exposed to a range of sophisticated cyberattacks.”
Identity Theft
First and foremost, it’s a good idea to keep an eye on your credit. Personal identification information, like that found on your resume, can be used to apply for fraudulent bank accounts. Tools likeNordVPN offer identity protection services, such as keeping tabs on your credit score.
You may also monitor your social media apps, ashackers tend to love these types of personal data-rich accounts.
Phishing Schemes
Additionally, you should be cautious about targeted phishing attempts. With data like employment and education history, cybercriminals can make a phishing message more convincing. For example, an attacker could email you pretending to be from your alma mater asking for donations, or from a previous employer requesting financial documents.
Data leaks are unfortunate consequences of our day-to-day processes existing online. Personally, I try to keep the personal details on my resume to a minimum, but you don’t always have a choice with some employers requesting specific data. With that said, it’s best to assume that uploading identification information to any sort of cloud might not be secure. Hence, tools that monitor signs of identity theft can be your best friend.
