Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Omni Hotels & Resorts

Omni Hotels & Resorts Vendor Cyber Rating & Cyber Score

omnihotels.com

Omni Hotels and Resorts creates genuine, authentic guest experiences at 50 distinctive luxury hotels and resorts in leading business gateways and leisure destinations across North America. From exceptional golf and spa retreats to dynamic business settings, each Omni Hotel and Resort showcases the local flavor of the destination while featuring four-diamond services, signature restaurants, Wi-Fi connectivity and unique wellness options. Known for its award-winning, personalized service, Omni Hotels leaves a lasting impression with every customer interaction, with a heightened level of recognition and rewards delivered through its Select Guest loyalty program and the company's "Power of One"​ associate empowerment program.


OHR A.I CyberSecurity Scoring

OHR
Company Information
Website:http://www.omnihotels.com/
Employees number:8,851
Number of followers:143,805
NAICS:7211
Industry Type:Hospitality
Homepage:omnihotels.com
OHR Risk Score (AI oriented)
Between 600 and 649
logo
OHRHospitality
Updated:
03/04/2026
644/1000
Poor
Caa
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
OHR Global Score (TPRM)
xxxx
logo
OHRHospitality
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

OHR
OHRPoor
Current Score
644Caa (POOR)
01000
4 incidents
0 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
651Before Incident
JUNE 2026
650Before Incident
MAY 2026
646Before Incident
APRIL 2026
646Before Incident
MARCH 2026
643Before Incident
FEBRUARY 2026
640Before Incident
JANUARY 2026
637Before Incident
DECEMBER 2025
633Before Incident
NOVEMBER 2025
633Before Incident
OCTOBER 2025
630Before Incident
SEPTEMBER 2025
627Before Incident
AUGUST 2025
624Before Incident
FEBRUARY 2025
760Before Incident
Breach
06 Feb 2025OHR
Foh&Boh, Nordstrom, Hyatt Grand and Omni Hotels & Resorts: Hiring platform serves users raw with 5.4 million CVs exposed

Hiring Platform Foh&Boh Exposes 5.4 Million Job Seekers’ Resumes in Unsecured AWS Bucket

602After Incident
CRITICAL-158
FOHNORHYAOMN1769001286
Hiring Platform Foh&Boh Exposes 5.4 Million Job Seekers’ Resumes in Unsecured AWS Bucket A major data exposure incident has left the personal details of millions of job seekers vulnerable after U.S.-based hiring platform Foh&Boh accidentally left an AWS S3 bucket unsecured, containing 5.4 million files, primarily CVs and resumes. The breach, discovered by the Cybernews research team, exposed sensitive applicant information including work history, contact details, and personal identifiers making individuals susceptible to targeted phishing, identity theft, and financial fraud. Foh&Boh, which serves high-profile clients such as Taco Bell, KFC, Nordstrom, Omni Hotels & Resorts, and Hyatt Grand, failed to restrict public access to the storage bucket. While the dataset was later secured following multiple contact attempts by researchers, the exposure raises concerns about unauthorized access by malicious actors. Attackers could exploit the leaked data to craft highly personalized phishing emails, impersonate past employers, or launch scams targeting financially vulnerable individuals. The breach also heightens risks of identity theft, with cybercriminals potentially using the stolen details to open fraudulent bank accounts or apply for credit under victims’ names. Researchers warned that the incident could lead to synthetic identity fraud, where attackers combine real and fabricated information to create new, fraudulent identities. This follows another recent breach involving Luxshare, a key Apple supplier, where a ransomware cartel allegedly stole confidential data from Apple, Nvidia, and LG, threatening to leak it unless demands were met. The Foh&Boh incident underscores the persistent risks of misconfigured cloud storage, a common yet preventable security failure. No official statement from Foh&Boh has been released at this time.
INCIDENT DETAILS -
TYPE
Data Exposure
IMPACT
Data Compromised: 5.4 million files (CVs and resumes)Systems Affected: AWS S3 bucketBrand Reputation Impact: YesIdentity Theft Risk: Yes
DATA BREACH
CVsResumesWork historyContact detailsPersonal identifiersNumber Of Records Exposed: 5.4 million filesSensitivity Of Data: HighPDFDOCDOCXPersonally Identifiable Information: Yes
Breach
06 Feb 2025OHR
Foh&Boh, KFC, Nordstrom, Hyatt Grand and Omni Hotels & Resorts: Hiring platform serves users raw with 5.4 million CVs exposed

Millions of Job Seekers’ Resumes Exposed in Foh&Boh Data Breach

602After Incident
CRITICAL-158
FOHKFCNORHYAOMN1769001235
Millions of Job Seekers’ Resumes Exposed in Foh&Boh Data Breach A major data exposure incident involving Foh&Boh, a U.S.-based hiring and onboarding platform for restaurants, hotels, and retailers, has left 5.4 million files primarily CVs and resumes publicly accessible via an unsecured AWS bucket. The breach, discovered by the Cybernews research team, exposed sensitive personal details that job applicants typically share with employers, including work history, contact information, and professional references. The platform serves high-profile clients such as Taco Bell, KFC, Omni Hotels & Resorts, Nordstrom, and Hyatt Grand, raising concerns about the potential misuse of the leaked data. While the dataset was secured after multiple attempts to contact Foh&Boh, the exposure could have enabled targeted phishing attacks, identity theft, and financial fraud. Researchers warned that cybercriminals could exploit the stolen information to craft highly personalized phishing emails, referencing specific job details or career interests to deceive victims. The data could also be weaponized for synthetic identity fraud, allowing attackers to open fraudulent bank accounts or apply for credit under victims’ names. Additionally, scammers might target financially vulnerable individuals with "get-rich-quick" schemes or impersonate past employers to extract further sensitive information. The incident underscores the risks of misconfigured cloud storage, with experts recommending stricter access controls, encryption, and retrospective log reviews to prevent unauthorized access. While the bucket is no longer publicly accessible, the long-term impact on affected job seekers remains unclear.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Data Compromised: 5.4 million files (CVs and resumes)Systems Affected: AWS bucketBrand Reputation Impact: Potential reputational damage to Foh&Boh and its clientsIdentity Theft Risk: High (synthetic identity fraud, financial fraud)
DATA BREACH
CVsResumesNumber Of Records Exposed: 5.4 million filesSensitivity Of Data: High (work history, contact information, professional references)Personally Identifiable Information: Yes (contact information, work history, professional references)
JUNE 2024
793Before Incident
Cyber Attack
16 Jun 2024OHR
Omni Hotels

Smart Building Cybersecurity Vulnerabilities and Risks (2024)

757After Incident
CRITICAL-36
OMN3332533102125
In 2024, Omni Hotels fell victim to a targeted cyberattack that severely disrupted its core operations. The breach compromised the hotel chain’s reservation and check-in systems, rendering room key card functionality inoperable and crippling payment processing across multiple locations. Guests experienced prolonged delays, denied access to rooms, and financial transaction failures, leading to widespread frustration and reputational damage. The attack exploited vulnerabilities in the hotel’s interconnected building management systems (BMS), which govern critical infrastructure like HVAC, security, and access control. Investigations suggested the intruders leveraged outdated software or weak authentication protocols—common in legacy BMS environments—to gain unauthorized access. While no immediate physical harm was reported, the operational paralysis threatened guest safety protocols (e.g., fire alarms, emergency exits) and exposed sensitive customer data during the payment outage. The incident forced Omni to implement emergency manual overrides, incur significant recovery costs, and face potential legal liabilities from affected guests. Insurers scrutinized the hotel’s cybersecurity posture, complicating claims for business interruption losses. The attack underscored the risks of unpatched smart building technologies, where operational convenience intersects with high-stakes cyber threats.
INCIDENT DETAILS -
TYPE
Cybersecurity Vulnerability ExposureOperational Technology (OT) RiskSupply Chain Risk
MOTIVATION
Financial Gain (Ransomware)Operational DisruptionData TheftEspionage (State-Backed Potential)
IMPACT
Building Management Systems (BMS)HVAC ControlsLighting SystemsElevatorsFire Safety SystemsSecurity CamerasAccess Control (Door/Keycard Systems)Reservation/Payment Systems (e.g., Omni Hotels)Undisclosed (Potential Prolonged Due to Unnoticed Intrusions)Omni Hotels: Reservation/Check-in/Payment Disruptions (2024)Physical Safety Risks (e.g., Disabled Fire Alarms)Maintenance Misattribution (AC/Elevator Failures)Tenant Trust ErosionProperty Value DeclinePotential Increase Due to Service Disruptions (e.g., Omni Hotels)High (Loss of Tenant/Customer Trust)Deterrent for New OccupantsPotential Lawsuits from Safety Incidents (e.g., Fire Alarm Failures)Regulatory Non-Compliance (Data Breaches)Exposed in Omni Hotels Incident (2024)
DATA BREACH
Potential: Building Occupancy PatternsPayment Data (Omni Hotels)PII (If Facial Recognition Used)Medium to High (Operational + Potential PII)Possible in Unnoticed IntrusionsLikely Absent in Legacy Protocols (BACnet/Modbus)Potential (If Biometric/Facial Recognition Deployed)
DECEMBER 2015
793Before Incident
Cyber Attack
23 Dec 2015OHR
Omni Hotels & Resorts

Data Breach at Omni Hotels & Resorts

757After Incident
HIGH-36
OMN854080425
The California Office of the Attorney General reported on July 8, 2016, a data breach involving Omni Hotels & Resorts that began on December 23, 2015. The incident involved a malware intrusion affecting point of sale systems, potentially compromising payment card information, including cardholder name, credit/debit card number, security code, and expiration date.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
cardholder namecredit/debit card numbersecurity codeexpiration datepoint of sale systems
DATA BREACH
payment card informationSensitivity Of Data: High

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for OHR ?
?
What was OHR's A.I Rankiteo Cyber Score in June 2026 ?
?
What was OHR's A.I Rankiteo Cyber Score in May 2026 ?
?
What was OHR's A.I Rankiteo Cyber Score in April 2026 ?
?
What was OHR's A.I Rankiteo Cyber Score in March 2026 ?
?
What was OHR's A.I Rankiteo Cyber Score in February 2026 ?
?
What was OHR's A.I Rankiteo Cyber Score in January 2026 ?
?
What was OHR's A.I Rankiteo Cyber Score in December 2025 ?
?
What was OHR's A.I Rankiteo Cyber Score in November 2025 ?
?
What was OHR's A.I Rankiteo Cyber Score in October 2025 ?
?
What was OHR's A.I Rankiteo Cyber Score in September 2025 ?
?
What was OHR's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on OHR's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with OHR ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view OHR's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?