Hyatt A.I CyberSecurity Scoring
Hyatt
Company Information
Website: http://www.hyatt.com
Employees number: 89,774
Number of followers: 1,560,442
NAICS: 7211
Industry Type: Hospitality
Homepage: hyatt.com
Hyatt Risk Score (AI oriented)
Range: between 550 and 599
Updated: 20/05/2026
Current score: 568/1000, Ca (Very Poor)
Hyatt Global Score (TPRM): score locked
8 incidents
0 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JUNE 2026: 581
MAY 2026: 565
APRIL 2026: 565
MARCH 2026: 549
FEBRUARY 2026: 546
JANUARY 2026: 547
DECEMBER 2025: 543
NOVEMBER 2025: 538
OCTOBER 2025: 532
SEPTEMBER 2025: 568
AUGUST 2025: 520
JULY 2025: 514
FEBRUARY 2025: 611
Breach
06 Feb 2025 • Hyatt
Nordstrom, KFC, Foh&Boh, Taco Bell and Hyatt Grand: Hiring platform serves users raw with 5.4 million CVs exposed
Hiring Platform Foh&Boh Exposes 5.4 Million Job Seekers’ Resumes in Unsecured AWS Bucket
470
CRITICAL-141
NORKFCFOHTACHYA1769001351
A major data exposure incident has left the personal details of millions of job seekers vulnerable after U.S.-based hiring and onboarding platform Foh&Boh accidentally left an AWS S3 bucket unsecured, containing 5.4 million files, primarily CVs and resumes. The breach, discovered by the Cybernews research team, exposed sensitive applicant information, including work history, contact details, and personal identifiers, which could be exploited for identity theft, phishing attacks, and financial fraud.
Foh&Boh serves high-profile clients in the restaurant, hotel, and retail industries, including Taco Bell, KFC, Omni Hotels & Resorts, Nordstrom, and Hyatt Grand. The exposed data could allow cybercriminals to craft highly targeted phishing emails, referencing specific job applications or career details to deceive victims into revealing financial information or installing malware. Researchers warned that attackers might also use the data to open fraudulent bank accounts, apply for credit, or launch synthetic identity scams, particularly targeting individuals in vulnerable financial situations.
The unsecured bucket was closed after multiple attempts to contact Foh&Boh, but the extent of unauthorized access remains unclear. The incident underscores the risks of misconfigured cloud storage, with experts recommending stricter access controls, encryption, and log reviews to prevent similar exposures.
This breach follows another recent incident involving Luxshare, a key Apple supplier, where a ransomware group allegedly stole confidential data from Apple, Nvidia, and LG. The Foh&Boh leak highlights the growing threat of resume-based cyberattacks, where attackers leverage personal data to bypass security measures and exploit job seekers.
Breach
06 Feb 2025 • Hyatt
Foh&Boh, Nordstrom, Hyatt Grand and Omni Hotels & Resorts: Hiring platform serves users raw with 5.4 million CVs exposed
Hiring Platform Foh&Boh Exposes 5.4 Million Job Seekers’ Resumes in Unsecured AWS Bucket
470
CRITICAL-141
FOHNORHYAOMN1769001286
A major data exposure incident has left the personal details of millions of job seekers vulnerable after U.S.-based hiring platform Foh&Boh accidentally left an AWS S3 bucket unsecured, containing 5.4 million files, primarily CVs and resumes. The breach, discovered by the Cybernews research team, exposed sensitive applicant information, including work history, contact details, and personal identifiers, making individuals susceptible to targeted phishing, identity theft, and financial fraud.
Foh&Boh, which serves high-profile clients such as Taco Bell, KFC, Nordstrom, Omni Hotels & Resorts, and Hyatt Grand, failed to restrict public access to the storage bucket. While the dataset was later secured following multiple contact attempts by researchers, the exposure raises concerns about unauthorized access by malicious actors. Attackers could exploit the leaked data to craft highly personalized phishing emails, impersonate past employers, or launch scams targeting financially vulnerable individuals.
The breach also heightens risks of identity theft, with cybercriminals potentially using the stolen details to open fraudulent bank accounts or apply for credit under victims’ names. Researchers warned that the incident could lead to synthetic identity fraud, where attackers combine real and fabricated information to create new, fraudulent identities.
This follows another recent breach involving Luxshare, a key Apple supplier, where a ransomware cartel allegedly stole confidential data from Apple, Nvidia, and LG, threatening to leak it unless demands were met. The Foh&Boh incident underscores the persistent risks of misconfigured cloud storage, a common yet preventable security failure.
No official statement from Foh&Boh has been released at this time.
JANUARY 2025: 718
Ransomware
19 Jan 2025 • Hyatt
Hyatt Hotels Corporation: US hotel giant Hyatt allegedly attacked as stolen data appears online
Hyatt Hotels Hit by NightSpire Ransomware Attack: 48.5GB of Data Allegedly Stolen
609
CRITICAL-109
HYA1768842036
A newly emerged ransomware group, NightSpire, has claimed responsibility for a cyberattack on Hyatt Hotels Corporation, posting stolen data on the dark web after failed negotiations. The breach, disclosed on January 19, 2025, involves 48.5GB of sensitive information allegedly exfiltrated from the Hyatt Place Chelsea in New York, though the full scope remains unconfirmed by Hyatt.
NightSpire, first identified in March 2025, employs a double-extortion tactic, encrypting victims’ data and threatening to leak it unless a ransom is paid. The group has listed 105 victims on its leak site, with the U.S. as its top target, followed by Taiwan, Hong Kong, Egypt, and several European nations. Unlike geopolitically motivated attacks, NightSpire appears financially driven, though it remains unclear whether it operates as a Ransomware-as-a-Service (RaaS) group or an independent collective.
The leaked data includes internal documents, employee credentials, and financial records, raising concerns about lateral movement within Hyatt’s network and social engineering risks. Cybernews researchers confirmed the authenticity of samples, which feature screenshots of expense reports, employee names, and potential access to Hyatt’s internal CMS. If verified, this would mark the second major Hyatt data leak in 2025, following an earlier breach involving a U.S. hiring platform that exposed millions of resumes, including Hyatt employee data.
Hyatt, a Chicago-based hospitality giant with 1,450+ properties across 80 countries and $6.9 billion in 2025 revenue, has not yet responded to requests for confirmation. The company’s portfolio spans luxury and mass-market brands, including Park Hyatt, Grand Hyatt, and Hyatt Regency.
NightSpire’s post on the dark web includes a public download link, a tactic used to pressure victims into paying ransoms. The group’s rapid rise, listing over 100 victims in under a year, signals a growing threat in the ransomware landscape.
JUNE 2021: 711
Ransomware
16 Jun 2021 • Hyatt
Hyatt Place Chelsea New York and Hilton: Hilton pulled into Cl0p’s dark‑web hit list: hackers post claims, no proof yet
Cl0p Ransomware Gang Claims Breach of Hilton, Allegedly Stealing 48.5GB of Data
608
CRITICAL-103
HYAHIL1769446839
The Russia-linked ransomware group Cl0p has added Hilton, one of the world’s largest hotel chains, to its dark web leak site, alleging a successful cyberattack. The claim, posted on January 25, lists hilton.com as the latest victim, though no independent verification or data samples have been provided to confirm the breach.
Cl0p, known for its double-extortion tactics, typically steals and encrypts victim data, then threatens to publish it unless a ransom is paid. In this case, the gang claims to have exfiltrated 48.5GB of documents from the Hyatt Place Chelsea New York hotel, making the data publicly accessible for download. The group’s unusual communication style, posting demands on its dark web blog rather than contacting victims directly, may stem from being overwhelmed by the volume of attacks.
Hilton, which operates over 600 properties across 94 countries and boasts 195 million loyalty program members, represents a high-value target due to its vast trove of customer and corporate data. Ransomware groups often calculate demands based on a victim’s revenue, with initial ransom requests ranging from 0.05% to 5% of annual earnings; Hilton reported $11.7 billion in revenue in 2023.
While Cl0p has a history of high-profile attacks, including breaches of file transfer platforms that impacted thousands of organizations, Hilton has not publicly confirmed the incident. The gang’s claims remain unverified, and no details about the type of data allegedly stolen have been disclosed.
This follows a recent ransomware attack on another U.S. hotel chain, underscoring the growing threat to the hospitality sector. Despite a 2021 law enforcement crackdown, Cl0p has resurged, operating under a ransomware-as-a-service (RaaS) model, where affiliates deploy its malware in exchange for a cut of ransom payments.
MARCH 2017: 620
Breach
18 Mar 2017 • Hyatt
Hyatt Hotels Corporation
Hyatt Hotels Corporation Data Breach
566
MEDIUM-54
HYA456072525
The Washington State Office of the Attorney General reported a data breach involving Hyatt Hotels Corporation on October 12, 2017. The breach occurred between March 18, 2017 and July 2, 2017, potentially affecting 640 Washington residents with unauthorized access to payment card information, including cardholder names, card numbers, expiration dates, and internal verification codes.
JANUARY 2016: 672
Ransomware
01 Jan 2016 • Hyatt
Hyatt Hotels Corporation
Hyatt Hotels Malware Attack
547
CRITICAL-125
HYA1348522
Hyatt Hotels chain across the was infected by a malware attack back in January 2016.
The attackers designed the malware to exfiltrate payment card information, including cardholder names, card numbers, expiration dates, and internal verification codes, from affected payment processing systems.
The hotel chain offered one year’s free protection to those affected by the breach.
AUGUST 2015: 707
Breach
13 Aug 2015 • Hyatt
Hyatt Hotels Corporation
Hyatt Hotels Corporation Data Breach
657
HIGH-50
HYA550072525
The Washington Office of the Attorney General reported a data breach involving Hyatt Hotels Corporation on January 14, 2016. The breach, which involved unauthorized access to payment card data, occurred between August 13, 2015, and December 8, 2015, affecting 15 individuals. The breach was due to malware specifically designed to target payment card data.
JUNE 2015: 808
Ransomware
16 Jun 2015 • Hyatt
Hyatt Hotels Corporation: NightSpire Ransomware Claims 50GB Hyatt Hotels Data Breach in NYC
NightSpire Ransomware Group Claims Breach of Hyatt Hotels, Stealing 50GB of Sensitive Data
704
CRITICAL-104
HYA1768948645
In the early hours of January 14, 2026, the ransomware group NightSpire announced it had infiltrated the systems of Hyatt Hotels Corporation, specifically targeting the Hyatt Place New York / Chelsea property. The group claimed to have exfiltrated nearly 50 gigabytes of data, including employee login credentials, financial records, and internal documents, which were later made available for free download on underground forums.
This incident marks another high-profile cyberattack on the hospitality sector, following Hyatt’s previous breaches in 2015 and 2016, which involved payment system malware. While NightSpire’s claims have not been officially confirmed by Hyatt, initial analyses from threat intelligence firms suggest the leaked data samples, such as financial spreadsheets and login details, appear legitimate. As of January 20, Hyatt has not issued a public statement, leaving the full extent of the breach unconfirmed.
Attack Mechanics and Motives
NightSpire allegedly exploited vulnerabilities in Hyatt’s network infrastructure, potentially through phishing or unpatched software flaws. Unlike traditional ransomware attacks that encrypt data for extortion, the group opted to publicly release the stolen data, a tactic that may aim to disrupt operations, build notoriety, or pressure negotiations. This approach deviates from conventional ransomware models, raising concerns about the group’s long-term objectives.
The breach echoes past attacks on the hospitality industry, including Marriott’s 2018 breach, which exposed 500 million guest records. Industry experts warn that the compromise of employee credentials could enable further intrusions, amplifying the threat beyond the initial breach.
Broader Industry Impact
The incident underscores the persistent vulnerabilities in the hotel sector, where interconnected systems for reservations, payments, and guest services create lucrative targets for cybercriminals. The Hyatt Place New York / Chelsea, a high-traffic location, handles sensitive data from thousands of guests annually, making it a prime target.
NightSpire, a relatively new but rapidly emerging ransomware-as-a-service (RaaS) group, has been linked to other recent operations. Their hybrid strategy, stealing and leaking data rather than encrypting it, mirrors tactics used by established groups like LockBit and Conti, though with a focus on disruption over direct financial gain. The free distribution of stolen data raises alarms about identity theft and fraud, particularly if compromised credentials are reused across systems.
Regulatory and Operational Fallout
As Hyatt remains silent, industry observers speculate that internal investigations are underway to verify the breach and assess exposure. Past responses, such as the 2016 malware attack affecting 250 properties, involved credit monitoring for affected guests and enhanced security measures. Experts recommend immediate steps, including credential resets and vulnerability scans, while advocating for zero-trust architectures to limit future risks.
Regulatory bodies, including the FTC, may scrutinize Hyatt’s data protection practices, potentially leading to fines if negligence is found. The breach could accelerate the adoption of stricter cybersecurity standards across the hospitality sector, pushing companies to prioritize resilience over cost-cutting.
A Growing Threat Landscape
The NightSpire incident aligns with a surge in ransomware attacks targeting travel and hospitality, including recent breaches at South Korean conglomerate Kyowon and a massive Instagram data leak affecting 17.5 million users. For guests, the risks include phishing attempts using stolen data, while hotels face recovery costs, legal fees, and reputational damage.
As cybercriminals refine their tactics, the hospitality industry must adapt. Emerging solutions, such as AI-driven anomaly detection and proactive threat monitoring, are being developed to counter evolving threats. The Hyatt breach serves as a stark reminder of the cat-and-mouse dynamic between attackers and defenders, emphasizing the need for proactive vigilance in an increasingly digital landscape.