Manpower, one of the world’s largest staffing companies, is notifying nearly 145,000 individuals that attackers stole their information after breaching the company’s systems in December 2024.
Alongside Experis and Talent Solutions, the company forms part of ManpowerGroup, a multinational corporation that employs over 600,000 workers in more than 2,700 offices and serves over 100,000 clients worldwide. Last year, ManpowerGroup reported revenues of $17.9 billion and a total gross profit of $3.1 billion.
According to a data breach filing with the Office of Maine’s Attorney General this week, Manpower is now alerting 144,189 individuals impacted by a data breach after undisclosed attackers gained access to the company’s systems in late December.
The company detected the incident while investigating an IT systems outage at its Lansing, Michigan, office on January 20.
“Through that investigation, we learned of information suggesting that an unknown actor gained unauthorized access to our network between December 29, 2024 and January 12, 2025 and potentially acquired certain files, some of which may have contained certain individuals’ personal information,” Manpower states in breach notification letters sent to affected individuals.
“On or about July 28, 2025, Manpower of Lansing learned that your personal information may have been involved in connection with the incident which is the reason for this notification.”
After discovering the incident, the company asserts that it has strengthened its IT security to prevent future breaches and is now collaborating with the FBI to hold the attackers accountable.
Additionally, Manpower is offering those affected by this data breach free credit monitoring and identity theft protection services through Equifax.
Attack claimed by RansomHub ransomware
While the company has yet to attribute the attack to a specific threat actor or cybercrime group, the RansomHub ransomware operation claimed responsibility for the attack in January, shortly after Manpower announced that it had discovered the breach.
The ransomware gang asserted that it stole approximately 500GB of data from Manpower’s compromised systems, which contained a wide range of client and corporate information.
As the attackers stated, the stolen files included databases of clients, encompassing personal and corporate data such as passport scans, IDs, Social Security Numbers (SSNs), addresses, contact information, test results, and other sensitive data. Additionally, they contained years of corporate correspondence, financial statements, HR data analytics, as well as confidential contracts and non-disclosure agreements.
RansomHub has since removed the Manpower entry from its dark web leak site, suggesting that the company may have paid a ransom to have the data deleted.
The RansomHub ransomware-as-a-service (RaaS) operation, previously known as Cyclops and Knight, surfaced in February 2024 and has since claimed many high-profile victims, including oil services giant Halliburton, the Rite Aid drugstore chain, Kawasaki‘s EU division, the Christie‘s auction house, US telecom provider Frontier Communications, the Planned Parenthood sexual health nonprofit, and the Bologna Football Club.
This ransomware gang also leaked Change Healthcare’s stolen data after the most significant healthcare breach in recent years, which impacted over 190 million individuals, as well as the BlackCat/ALPHV ransomware operation’s exit scam.
One year ago, the FBI reported that RansomHub affiliates had breached over 200 critical infrastructure organizations in the United States as of August 2024.
A Manpower spokesperson was not immediately available for comment when contacted by BleepingComputer.
Source: BleepingComputer, Sergiu Gatlan
Read more at Impreza News
