Manpower Data Breach Impacts 145,000 Individuals
▼ Summary
– Manpower, a major staffing company, notified 144,189 individuals of a data breach after attackers accessed its systems between December 2024 and January 2025.
– The breach was discovered during an IT outage investigation at a Lansing, Michigan franchise, with stolen files potentially containing personal information.
– RansomHub ransomware gang claimed responsibility, alleging theft of 500GB of data including client details, corporate correspondence, and financial records.
– Manpower has since enhanced its IT security, is collaborating with the FBI, and is offering affected individuals free credit monitoring and identity theft protection.
– The company clarified that the breach only impacted the Lansing franchise’s independent systems, not ManpowerGroup’s corporate network.
Manpower, a global staffing leader, has confirmed a significant data breach affecting nearly 145,000 individuals after cybercriminals infiltrated its systems late last year. The incident, discovered during an IT outage investigation at a Michigan franchise, exposed sensitive personal and corporate data, prompting the company to notify victims and bolster security measures.
The breach occurred between December 29, 2024, and January 12, 2025, with unauthorized access to files containing personal information. Manpower detected the intrusion on January 20 and later confirmed the scope of the compromise. Affected individuals are being offered free credit monitoring and identity theft protection through Equifax as part of the response.
While Manpower has not publicly identified the attackers, the RansomHub ransomware group claimed responsibility in January, alleging theft of roughly 500GB of data. The stolen files reportedly included client databases with passport scans, Social Security numbers, addresses, and confidential corporate documents. RansomHub later removed Manpower from its leak site, hinting at a potential ransom payment.
RansomHub, a notorious ransomware-as-a-service operation, has targeted high-profile organizations like Halliburton, Rite Aid, and Christie’s auction house. The group also leaked data from Change Healthcare after one of the largest healthcare breaches in history. The FBI previously linked RansomHub affiliates to over 200 critical infrastructure attacks in the U.S.
ManpowerGroup clarified that the breach was limited to a franchise-operated system and did not compromise its corporate network. A spokesperson emphasized that the Lansing franchise, which operates independently, is managing the direct response with corporate support.
The company continues to collaborate with law enforcement, including the FBI, to investigate the incident and mitigate future risks. This breach underscores the escalating threat of ransomware attacks targeting organizations with vast troves of sensitive data.
Updated August 13, 2024, to include ManpowerGroup’s official statement.
(Source: BLEEPING COMPUTER)
