OHR A.I CyberSecurity Scoring
OHR
Company Information
Website:http://www.omnihotels.com/
Employees number:8,851
Number of followers:143,805
NAICS:7211
Industry Type:Hospitality
Homepage:omnihotels.com
OHR Risk Score (AI oriented)
Between 600 and 649
OHRHospitality
Updated:
03/04/2026
03/04/2026
644/1000
Poor
Caa
OHR Global Score (TPRM)
xxxx
OHRHospitality
Score locked

OHRPoor
Current Score
644Caa (POOR)
01000
4 incidents
0 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
651
JUNE 2026
650
MAY 2026
646
APRIL 2026
646
MARCH 2026
643
FEBRUARY 2026
640
JANUARY 2026
637
DECEMBER 2025
633
NOVEMBER 2025
633
OCTOBER 2025
630
SEPTEMBER 2025
627
AUGUST 2025
624
FEBRUARY 2025
760
Breach
06 Feb 2025 • OHR
Foh&Boh, Nordstrom, Hyatt Grand and Omni Hotels & Resorts: Hiring platform serves users raw with 5.4 million CVs exposed
Hiring Platform Foh&Boh Exposes 5.4 Million Job Seekers’ Resumes in Unsecured AWS Bucket
602
CRITICAL-158
FOHNORHYAOMN1769001286
Hiring Platform Foh&Boh Exposes 5.4 Million Job Seekers’ Resumes in Unsecured AWS Bucket
A major data exposure incident has left the personal details of millions of job seekers vulnerable after U.S.-based hiring platform Foh&Boh accidentally left an AWS S3 bucket unsecured, containing 5.4 million files, primarily CVs and resumes. The breach, discovered by the Cybernews research team, exposed sensitive applicant information including work history, contact details, and personal identifiers making individuals susceptible to targeted phishing, identity theft, and financial fraud.
Foh&Boh, which serves high-profile clients such as Taco Bell, KFC, Nordstrom, Omni Hotels & Resorts, and Hyatt Grand, failed to restrict public access to the storage bucket. While the dataset was later secured following multiple contact attempts by researchers, the exposure raises concerns about unauthorized access by malicious actors. Attackers could exploit the leaked data to craft highly personalized phishing emails, impersonate past employers, or launch scams targeting financially vulnerable individuals.
The breach also heightens risks of identity theft, with cybercriminals potentially using the stolen details to open fraudulent bank accounts or apply for credit under victims’ names. Researchers warned that the incident could lead to synthetic identity fraud, where attackers combine real and fabricated information to create new, fraudulent identities.
This follows another recent breach involving Luxshare, a key Apple supplier, where a ransomware cartel allegedly stole confidential data from Apple, Nvidia, and LG, threatening to leak it unless demands were met. The Foh&Boh incident underscores the persistent risks of misconfigured cloud storage, a common yet preventable security failure.
No official statement from Foh&Boh has been released at this time.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Breach
06 Feb 2025 • OHR
Foh&Boh, KFC, Nordstrom, Hyatt Grand and Omni Hotels & Resorts: Hiring platform serves users raw with 5.4 million CVs exposed
Millions of Job Seekers’ Resumes Exposed in Foh&Boh Data Breach
602
CRITICAL-158
FOHKFCNORHYAOMN1769001235
Millions of Job Seekers’ Resumes Exposed in Foh&Boh Data Breach
A major data exposure incident involving Foh&Boh, a U.S.-based hiring and onboarding platform for restaurants, hotels, and retailers, has left 5.4 million files primarily CVs and resumes publicly accessible via an unsecured AWS bucket. The breach, discovered by the Cybernews research team, exposed sensitive personal details that job applicants typically share with employers, including work history, contact information, and professional references.
The platform serves high-profile clients such as Taco Bell, KFC, Omni Hotels & Resorts, Nordstrom, and Hyatt Grand, raising concerns about the potential misuse of the leaked data. While the dataset was secured after multiple attempts to contact Foh&Boh, the exposure could have enabled targeted phishing attacks, identity theft, and financial fraud.
Researchers warned that cybercriminals could exploit the stolen information to craft highly personalized phishing emails, referencing specific job details or career interests to deceive victims. The data could also be weaponized for synthetic identity fraud, allowing attackers to open fraudulent bank accounts or apply for credit under victims’ names. Additionally, scammers might target financially vulnerable individuals with "get-rich-quick" schemes or impersonate past employers to extract further sensitive information.
The incident underscores the risks of misconfigured cloud storage, with experts recommending stricter access controls, encryption, and retrospective log reviews to prevent unauthorized access. While the bucket is no longer publicly accessible, the long-term impact on affected job seekers remains unclear.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JUNE 2024
793
Cyber Attack
16 Jun 2024 • OHR
Omni Hotels
Smart Building Cybersecurity Vulnerabilities and Risks (2024)
757
CRITICAL-36
OMN3332533102125
In 2024, Omni Hotels fell victim to a targeted cyberattack that severely disrupted its core operations. The breach compromised the hotel chain’s reservation and check-in systems, rendering room key card functionality inoperable and crippling payment processing across multiple locations. Guests experienced prolonged delays, denied access to rooms, and financial transaction failures, leading to widespread frustration and reputational damage. The attack exploited vulnerabilities in the hotel’s interconnected building management systems (BMS), which govern critical infrastructure like HVAC, security, and access control. Investigations suggested the intruders leveraged outdated software or weak authentication protocols—common in legacy BMS environments—to gain unauthorized access. While no immediate physical harm was reported, the operational paralysis threatened guest safety protocols (e.g., fire alarms, emergency exits) and exposed sensitive customer data during the payment outage. The incident forced Omni to implement emergency manual overrides, incur significant recovery costs, and face potential legal liabilities from affected guests. Insurers scrutinized the hotel’s cybersecurity posture, complicating claims for business interruption losses. The attack underscored the risks of unpatched smart building technologies, where operational convenience intersects with high-stakes cyber threats.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
DECEMBER 2015
793
Cyber Attack
23 Dec 2015 • OHR
Omni Hotels & Resorts
Data Breach at Omni Hotels & Resorts
757
HIGH-36
OMN854080425
The California Office of the Attorney General reported on July 8, 2016, a data breach involving Omni Hotels & Resorts that began on December 23, 2015. The incident involved a malware intrusion affecting point of sale systems, potentially compromising payment card information, including cardholder name, credit/debit card number, security code, and expiration date.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for OHR ??
What was OHR's A.I Rankiteo Cyber Score in June 2026 ??
What was OHR's A.I Rankiteo Cyber Score in May 2026 ??
What was OHR's A.I Rankiteo Cyber Score in April 2026 ??
What was OHR's A.I Rankiteo Cyber Score in March 2026 ??
What was OHR's A.I Rankiteo Cyber Score in February 2026 ??
What was OHR's A.I Rankiteo Cyber Score in January 2026 ??
What was OHR's A.I Rankiteo Cyber Score in December 2025 ??
What was OHR's A.I Rankiteo Cyber Score in November 2025 ??
What was OHR's A.I Rankiteo Cyber Score in October 2025 ??
What was OHR's A.I Rankiteo Cyber Score in September 2025 ??
What was OHR's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on OHR's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with OHR ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view OHR's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?