Nordstrom A.I CyberSecurity Scoring
Nordstrom
Company Information
Website: http://www.nordstrom.com
Number of employees: 47,449
Number of followers: 625,159
NAICS: 43
Industry Type: Retail
Homepage: nordstrom.com
Nordstrom Risk Score (AI oriented)
Nordstrom (Retail)
Score: 514/1000, C (Critical)
Score range: between 0 and 549
Updated: 03/04/2026
Nordstrom: Critical
Current Score: 514 C (CRITICAL), scale 0 to 1000
5 incidents, -67 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JUNE 2026: 527
MAY 2026: 522
APRIL 2026: 518
MARCH 2026: 579
Breach
18 Mar 2026 • Nordstrom
Okta, Nordstrom and Salesforce: Nordstrom's email system abused to send crypto scams to customers
Nordstrom Customers Targeted in Cryptocurrency Scam via Compromised Email System
512
CRITICAL, -67
NOROKTSAL1773854168
Nordstrom customers recently received fraudulent emails from the company’s legitimate marketing address ([email protected]), promoting a cryptocurrency scam disguised as a St. Patrick’s Day promotion. The messages promised to double any cryptocurrency sent to a specified wallet within two hours, creating a false sense of urgency to pressure recipients into acting quickly.
The scam emails contained red flags, including a misspelled company name ("Normstorm") in the subject line, though the official sender address likely led some victims to overlook the deception. Nordstrom later confirmed the messages were unauthorized and warned customers that the company would never request cryptocurrency transactions. A follow-up email urged recipients to disregard the fraudulent offer.
While it remains unclear how many customers were affected, some victims reportedly sent funds to the attacker’s wallet, which accumulated over $5,600 in cryptocurrency. According to sources, the breach stemmed from a compromise in Okta SSO and Salesforce Marketing Cloud, allowing threat actors to send the scam emails through Nordstrom’s official channels. This incident mirrors recent attacks on Betterment and GrubHub, which also exploited similar vulnerabilities to distribute crypto scams.
Nordstrom, a major U.S. retailer with over $15 billion in annual revenue and millions of customers, has not publicly detailed the extent of the breach or its response beyond issuing customer warnings. The company is investigating the incident.
FEBRUARY 2026: 577
JANUARY 2026: 573
DECEMBER 2025: 570
NOVEMBER 2025: 566
OCTOBER 2025: 562
SEPTEMBER 2025: 558
AUGUST 2025: 691
JULY 2025: 550
FEBRUARY 2025: 771
Breach
06 Feb 2025 • Nordstrom
Nordstrom, KFC, Foh&Boh, Taco Bell and Hyatt Grand: Hiring platform serves users raw with 5.4 million CVs exposed
Hiring Platform Foh&Boh Exposes 5.4 Million Job Seekers’ Resumes in Unsecured AWS Bucket
524
CRITICAL, -247
NORKFCFOHTACHYA1769001351
A major data exposure incident has left the personal details of millions of job seekers vulnerable after U.S.-based hiring and onboarding platform Foh&Boh accidentally left an AWS S3 bucket unsecured, containing 5.4 million files, primarily CVs and resumes. The breach, discovered by the Cybernews research team, exposed sensitive applicant information, including work history, contact details, and personal identifiers, which could be exploited for identity theft, phishing attacks, and financial fraud.
Foh&Boh serves high-profile clients in the restaurant, hotel, and retail industries, including Taco Bell, KFC, Omni Hotels & Resorts, Nordstrom, and Hyatt Grand. The exposed data could allow cybercriminals to craft highly targeted phishing emails, referencing specific job applications or career details to deceive victims into revealing financial information or installing malware. Researchers warned that attackers might also use the data to open fraudulent bank accounts, apply for credit, or launch synthetic identity scams, particularly targeting individuals in vulnerable financial situations.
The unsecured bucket was closed after multiple attempts to contact Foh&Boh, but the extent of unauthorized access remains unclear. The incident underscores the risks of misconfigured cloud storage, with experts recommending stricter access controls, encryption, and log reviews to prevent similar exposures.
This breach follows another recent incident involving Luxshare, a key Apple supplier, where a ransomware group allegedly stole confidential data from Apple, Nvidia, and LG. The Foh&Boh leak highlights the growing threat of resume-based cyberattacks, where attackers leverage personal data to bypass security measures and exploit job seekers.
Breach
06 Feb 2025 • Nordstrom
Foh&Boh, KFC, Nordstrom, Hyatt Grand and Omni Hotels & Resorts: Hiring platform serves users raw with 5.4 million CVs exposed
Millions of Job Seekers’ Resumes Exposed in Foh&Boh Data Breach
524
CRITICAL, -247
FOHKFCNORHYAOMN1769001235
A major data exposure incident involving Foh&Boh, a U.S.-based hiring and onboarding platform for restaurants, hotels, and retailers, has left 5.4 million files, primarily CVs and resumes, publicly accessible via an unsecured AWS bucket. The breach, discovered by the Cybernews research team, exposed sensitive personal details that job applicants typically share with employers, including work history, contact information, and professional references.
The platform serves high-profile clients such as Taco Bell, KFC, Omni Hotels & Resorts, Nordstrom, and Hyatt Grand, raising concerns about the potential misuse of the leaked data. While the dataset was secured after multiple attempts to contact Foh&Boh, the exposure could have enabled targeted phishing attacks, identity theft, and financial fraud.
Researchers warned that cybercriminals could exploit the stolen information to craft highly personalized phishing emails, referencing specific job details or career interests to deceive victims. The data could also be weaponized for synthetic identity fraud, allowing attackers to open fraudulent bank accounts or apply for credit under victims’ names. Additionally, scammers might target financially vulnerable individuals with "get-rich-quick" schemes or impersonate past employers to extract further sensitive information.
The incident underscores the risks of misconfigured cloud storage, with experts recommending stricter access controls, encryption, and retrospective log reviews to prevent unauthorized access. While the bucket is no longer publicly accessible, the long-term impact on affected job seekers remains unclear.
Breach
06 Feb 2025 • Nordstrom
Foh&Boh, Nordstrom, Hyatt Grand and Omni Hotels & Resorts: Hiring platform serves users raw with 5.4 million CVs exposed
Hiring Platform Foh&Boh Exposes 5.4 Million Job Seekers’ Resumes in Unsecured AWS Bucket
524
CRITICAL, -247
FOHNORHYAOMN1769001286
A major data exposure incident has left the personal details of millions of job seekers vulnerable after U.S.-based hiring platform Foh&Boh accidentally left an AWS S3 bucket unsecured, containing 5.4 million files, primarily CVs and resumes. The breach, discovered by the Cybernews research team, exposed sensitive applicant information, including work history, contact details, and personal identifiers, making individuals susceptible to targeted phishing, identity theft, and financial fraud.
Foh&Boh, which serves high-profile clients such as Taco Bell, KFC, Nordstrom, Omni Hotels & Resorts, and Hyatt Grand, failed to restrict public access to the storage bucket. While the dataset was later secured following multiple contact attempts by researchers, the exposure raises concerns about unauthorized access by malicious actors. Attackers could exploit the leaked data to craft highly personalized phishing emails, impersonate past employers, or launch scams targeting financially vulnerable individuals.
The breach also heightens risks of identity theft, with cybercriminals potentially using the stolen details to open fraudulent bank accounts or apply for credit under victims’ names. Researchers warned that the incident could lead to synthetic identity fraud, where attackers combine real and fabricated information to create new, fraudulent identities.
This follows another recent breach involving Luxshare, a key Apple supplier, where a ransomware cartel allegedly stole confidential data from Apple, Nvidia, and LG, threatening to leak it unless demands were met. The Foh&Boh incident underscores the persistent risks of misconfigured cloud storage, a common yet preventable security failure.
No official statement from Foh&Boh has been released at this time.
OCTOBER 2018: 784
Breach
09 Oct 2018 • Nordstrom
Nordstrom, Inc.
Nordstrom Data Breach
716
HIGH, -68
NOR609072725
On November 5, 2018, the California Attorney General reported a data breach involving Nordstrom, Inc. The breach occurred on October 9, 2018, due to improper handling of employee data by a contract worker, potentially affecting names, Social Security numbers, and other personal information. No customer data was impacted, and the company has taken measures to prevent future incidents.