Manpower Staffing Hit by Major Data Breach
â–Ľ Summary
– Manpower confirmed a data breach affecting 144,189 people, stemming from a cyberattack on its Lansing, Michigan franchise.
– The breach occurred between December 29, 2024, and January 12, 2025, with unauthorized access detected during an IT outage investigation on January 20.
– Compromised data included names and personal information, with affected individuals notified on August 11 and offered 12 months of free credit monitoring.
– Manpower reported the incident to the FBI and stated the breach was isolated to the franchise’s independent data platform, not corporate systems.
– The RansomHub ransomware group claimed responsibility for the attack, alleging they exfiltrated 500GB of data.
Manpower Group, a global leader in workforce solutions, has disclosed a significant cybersecurity incident impacting over 144,000 individuals. The breach originated at one of its franchise locations in Lansing, Michigan, highlighting vulnerabilities in decentralized operations.
According to official filings, unauthorized access was detected on January 20, 2025, during an investigation into system outages. Forensic analysis later revealed the breach spanned from December 29, 2024, to January 12, 2025, with attackers potentially exfiltrating sensitive personal data. Affected individuals received notification letters in August, confirming compromised details such as names and contact information.
Immediate response measures included securing the IT infrastructure and collaborating with law enforcement, including the FBI. Manpower emphasized that the incident was confined to the franchise’s independent systems, leaving corporate networks untouched. A spokesperson clarified, “The Lansing franchise operates on a separate platform, isolating the impact. Corporate teams are assisting with remediation efforts.”
Victims were offered 12 months of complimentary credit monitoring through Equifax to mitigate identity theft risks. The breach gained notoriety when the RansomHub ransomware group claimed responsibility, alleging theft of 500GB of data. While Manpower has not confirmed the group’s involvement, the incident underscores the persistent threat of targeted attacks on staffing agencies handling vast amounts of personal data.
Security experts stress the importance of multi-layered defenses for franchises operating under larger brands, as localized breaches can still erode consumer trust. Manpower’s proactive notification and remediation efforts aim to rebuild confidence while addressing gaps in its franchisee security protocols.
Editor’s note: Additional details from ManpowerGroup were incorporated to clarify the scope of the breach.
(Source: InfoSecurity Magazine)
